Public and private sector organizations worldwide trust Exterro FTK for their investigations.
Share digital forensic evidence in real-time with case teams and external reviewers across the globe.
FTK Central is the only forensic platform that truly combines blazing-fast processing power, limitless scalability, and simplified review in a collaborative, web-based solution.
Work together with external reviewers as well as team members in real time to uncover evidence faster.
Collect from Anywhere
Forensically collect data from anywhere. Perform covert on- or off-network collection from remote endpoints, as well as cloud data sources.
Process Evidence Faster
Configure multiple distributed processing engines to scale up and reduce processing time from days to just hours.
Conduct internal investigations with multiple reviewers with the intuitive Smart View.
WIth FTK Central, multiple investigators can work simultaneously on a single case, sharing evidence without duplicating work or wasting time. The user-friendly UI enables non-technical reviewers like HR or legal team members to be instantly productive with minimal training. Near-native views of mobile data, chats, spreadsheets, and Mac app artifacts help reviewers feel comfortable working with evidence.
Collaborate within and across jurisdictions with centralized evidence review.
Police forces are hamstrung by disjointed forensics workflows that create a mountain of data, evidence processing delays, and delayed justice for victims. FTK Central empowers frontline investigators to review their own evidence and collaborate with other examiners to reduce lab backlogs.
Identify malicious activity before it wreaks havoc with scalable Volatile Memory Collection.
Use FTK Central to determine if your organization has been compromised by examining traces of suspicious activity. Scan your network for clues like Indicators of Compromise (IOCs), YARA and MISP rules. Easily collect volatile data from up to 20,000 remote endpoints at once to preserve evidence and prioritize where to perform full-disk collections.
Perform covert cloud data source collection from popular tools like the G Suite, Gmail, Microsoft Office365, Teams, One Drive, Exchange, and SharePoint, plus Slack and Box.
Integration with Semantics 21 allows forensic investigators to easily share their CSAM image categorization work with collaborative hash databases like CAID and Project Vic.
Maintain security by setting permissions for each case file so reviewers only see data that is relevant for their assigned cases.
Integrate with SIEM and SOAR solutions to automate the instant preservation of remote endpoint evidence upon detection of an intrusion. Automate case creation, evidence processing, searching and labeling – all without complicated scripting.
Frequently asked questions
Can FTK Central accommodate users inside and outside my organization?
Yes. FTK Central can be configured behind your firewall for inside review teams to work together on cases, and its web-based review infrastructure can also securely allow for outside investigators or attorneys from other jurisdictions and agencies to participate in the review process, regardless of their location.
Is FTK Central compatible with other FTK products?
Yes, FTK Central integrates seamlessly with other tools like FTK Lab and FTK Enterprise to enhance your existing forensic lab ecosystem and provide a web-based solution to fit all skillsets. It can also integrate with FTK Connect to automate workflow processes such as collection, processing, searching, labeling, exporting, and more.
Can FTK Central be hosted in a cloud environment?
Yes, FTK Central can be easily deployed in a cloud environment like AWS or Azure to scale your infrastructure. Host it in your own private cloud or with a third-party provider.
What types of endpoint preview or collection can FTK Central perform?
FTK Central has the ability to perform live preview and full-disk data collection from both on-network and off-network Windows and Linux endpoints. It can also perform targeted preview, targeted (or filtered) collection, volatile data capture, IOC scans, YARA and MISP scans, and remediation.
Which cloud sources can FTK Central collect from?
FTK Central can collect from Microsoft Exchange Online, Exchange On Prem, OneDrive, OneNote, SharePoint, Teams, and Yammer. Google Drive, Gmail, Slack, and Box, as well as from network shares. Additional cloud connectors are available upon request.
How many DPE processing engines can be configured with FTK Lab?
Increasing the processing power of FTK Central is easily achieved with additional hardware. With its centralized processing farm infrastructure, you can configure FTK Central with up to 16 Distributed Processing Engines (DPE) per Distributed Processing Manager (DPM). We recommend starting with 6-8 DPEs when you first implement FTK Central and scale up from there. For more information about FTK Central configuration, reference the System Specification Guide.
Ready to Learn More?
Learn how FTK Central can simplify your current DFIR workflow
Distributed processing capabilities
Guaranteed application uptime
Extra hours of productivity per day
Harness the power of cloud-based forensic processing & collaboration
Learn How FTK Central Can Simplify Your DFIR Investigations
The only forensic platform that combines blazing-fast processing power, limitless scalability, and simplified review in a collaborative, web-based solution.
Exterro’s integration with Semantics 21 allows forensic investigators to easily share their image categorization work on Child Sexual Abuse Material (CSAM) with the United Kingdom’s national Child Abuse Image Database (CAID) for known CSAM images.
Download this Exterro quick guide to learn about new digital forensics technology that's transforming how law enforcement professionals investigate cases.
Ready to get started?
See our collaborative workflow solutions in action.Get a Demo