FTK Central gives enterprise teams one platform for endpoint investigation, evidence processing, analysis, review, collaboration, automation, and case management. Now, with Exterro ARMOUR for FTK, investigators can begin with a plain-language objectives and reach evidence-supported findings faster across live endpoints.


Exterro FTK Central is the centralized enterprise platform for live endpoint investigation, evidence processing, review, collaboration, workflow automation, and case management. ARMOUR for FTK extends that foundation by turning plain-language investigative objectives into coordinated forensic work and investigator-validated findings.
Follow an investigation from a plain-language objective through live endpoint inspection, targeted collection, evidence correlation, and human validation. See how Agentic AI reduces manual work while preserving FTK Central’s forensic depth, platform controls, and investigator oversight.
Follow an investigation from a plain-language objective through live endpoint inspection, targeted collection, evidence correlation, and human validation. See how Agentic AI reduces manual work while preserving FTK Central’s forensic depth, platform controls, and investigator oversight.
The six-step workflow keeps scope, permissions, evidence review, and consequential decisions under investigator control.

Exterro ARMOUR for FTK uses the power of our foundational AI stack for turning investigative intent into controlled, explainable action. In FTK Central, human-guided agentic AI helps plan and coordinate authorized work across live endpoints, while Exterro’s forensic technology performs the analysis and investigators validate the evidence and decisions.

Exterro ARMOUR for FTK builds on FTK Central’s existing investigation, processing, review, collaboration, automation, and evidence-management capabilities. It changes how teams initiate and coordinate work while preserving the platform, forensic functions, data, workflows, and controls they already rely on.

Investigators describe what they need to understand in plain language. ARMOUR for FTK interprets the objective, identifies the forensic steps and evidence sources that may be required, and develops a controlled plan within the organization’s configured policies, permissions, and approval rules.

With ARMOUR for FTK, FTK Central reaches available live endpoints and coordinates authorized inspection, targeted collection, memory acquisition, artifact analysis, threat checks, and timeline development. This helps teams establish scope before volatile evidence changes, disappears, or becomes harder to interpret.

Generic AI can reason, summarize, and recommend. Exterro adds live endpoint reach, proprietary forensic functions, evidence handling, job management, permissions, and enterprise investigation workflows. Exterro technology performs the authorized work and returns evidence-supported findings for investigator validation.

Correlate activity across processes, memory, logs, files, browsers, communications, users, devices, and timelines. Exterro ARMOUR for FTK organizes the returned evidence in investigation context, helping teams move from isolated technical results to a coherent understanding of what happened.

FTK Central brings together capabilities previously delivered across Exterro’s enterprise, laboratory, and workflow-automation products. Teams can manage remote endpoint investigations, evidence processing, multi-investigator review, defined workflows, and case activity within one consolidated platform experience.

The investigator defines the objective and scope. Policies and permissions govern which actions may occur, approval rules control consequential steps, and the investigator validates the findings, refines the inquiry, and determines the response. Actions, evidence, results, and approvals support a reviewable investigation record.

Exterro ARMOUR for FTK investigates live, connected enterprise endpoints remotely, while Exterro ARMOURop investigates evidence already loaded into a local, controlled environment.
Use Exterro ARMOUR for FTK when the investigation requires fleet reach, remote actions, and current endpoint evidence. Use Exterro ARMOURop when the evidence is already acquired, offline, isolated, or air-gapped.
.jpg)
Supported Exterro connectors extend investigations beyond the endpoint by linking relevant email, cloud storage, collaboration, legal, and business context. Across the Exterro platform, more than 190 native connectors provide secure access to enterprise data sources.
.png)
FTK Central and ARMOUR for FTK use controlled permissions, configured approval points, evidence-linked findings, and human validation to support reviewable enterprise investigations. Exterro’s security program includes ISO 27001, SOC 2, FedRAMP, TISAX, and HITRUST certifications.
See how Exterro ARMOUR for FTK accelerates investigation across live enterprise endpoints.
Why: “Accelerates” is stronger and more natural than “upgrades investigation.”
“This system reduces the burden of the staff in the FOIA Request Service Center during the collection, review and preparation of documents and materials in response to FOIA requests.”
Explore resources for moving from investigation triggers to evidence-supported answers faster.

Learn how the Agentic AI upgrade connects plain-language investigation to live endpoint reach, Exterro forensic execution, evidence correlation, and human validation.

While ransomware attacks and data breaches are justifiably scary, insider threats are far more common—and far more damaging—than most people know. Installing a digital forensic investigation process like the one laid out in this checklist can help you quickly and efficiently assess whether a departing employee is a threat to your organization.

See how organizations can run centralized enterprise investigations in a dedicated, managed FTK Central environment without building and maintaining the underlying forensic infrastructure.