Skip to content
An image of a data center with many servers

Divide and Conquer Massive Data Sets with FTK Lab

Combine powerful, lightning-fast distributed DPE processing with multi-user review functionality in a centralized investigative platform to get evidence into the hands of forensic investigators and resolve investigations faster.

Exterro is proud to partner with global law enforcement agencies and regulators.

Federal Office of Police fedpol logo West Midlands Police Logo Norwegian Competition Authority Logo NGA Logo NCIS Logo

Scale up to a centralized investigative platform for large data sets, heavy case loads, or distributed case teams.

A computer server in a dark room A computer server in a dark room

With FTK Lab you can unleash the power of distributed processing and multi-user collaborative review to get through more digital evidence in less time, allowing agencies to clear out case backlogs, indict sooner, and close cases faster.

  • More Processing Power

    With virtually limitless scalability, an FTK Lab centralized processing farm with up to 16x distributed processing engine (DPE) capabilities can cut through large data sets in hours instead of days.

  • Be More Productive

    FTK Lab’s intuitive interface design makes it easier for both experienced investigators and non-technical users to navigate within the software, allowing them to work together in the same centrally located case files with defined reviewer roles.

  • Find More Evidence

    Eliminate hours spent manually digging for the data types you’re interested in.  FTK Lab intelligently categorizes and displays the most data artifacts to help you pinpoint key evidence faster.

National Police Agency - Exterro FTK Case Study

Become a processing powerhouse with scalable processing.

Produce astounding processing and indexing results with the distributed setup of FTK Lab. Process 7 TB of data with 11 DPEs in less than two hours, and process AFF4 Mac images 8x faster than the competition. 

European Tax Agency - Exterro FTK Case Study

Empower distributed teams with centralized collaboration.

Perfect for computer forensics labs, FTK Lab’s centralized architecture and shared case database keep all parties on the same page, while fully securing electronic evidence at the case or file level. Non-technical users, such as attorneys and outside experts, can participate in the review process, regardless of their location.

A hand is touching a phone with a padlock on it

Investigate mobile device evidence and review chat app data with Mobile Data Parsing.

Leverage FTK Lab’s powerful processing engine to parse computer and mobile data in a single database to find connections across data sources.  FTK Lab supports native unprocessed UFD extractions from mobile devices provided by tools like Cellebrite, Oxygen, XRY or GrayKey.  Review chat messages from apps like Twitter and WhatsApp, reconstructed in their near-native view to quickly interpret the conversation.

Additional Capabilities

  • Optional Workflow Automation

    Automate case creation and evidence processing, as well as next steps such as searching and labeling results, exporting data, and more, with FTK Connect for Law Enforcement – all without any user interaction or complicated scripting.

  • Multimedia Thumbnail Review

    Hover over and click on thumbnails to easily inspect pictures of interest. FTK Lab provides context for every image by reconstructing the device user’s activity leading up to and following the creation of the image via built-in mini timelines.

  • Role Assignment

    Permissions allow each user to access only the data relevant to their part of the investigation. Dividing the evidence creates more efficient and secure workflows, so you can bring in non-technical users without worrying about compromising data.

  • Image Identification and Categorization

    Use facial and object recognition to automatically locate images containing that same content. Help identify victims faster in CSAM investigations by analyzing and grading images and videos, then comparing them with collaborative hash databases like Project Vic and CAID UK.

The most innovative companies in digital forensics partner with Exterro

From technology companies to organizations fighting child exploitation, Exterro’s partners make a difference for digital forensic investigators.

Semantics 21 Logo
Project VIC International Logo
Grayshift Logo
RWS Logo

“We needed a forensic tool to handle all the seized data we’re collecting on dawn raids under court orders. We need a system that can handle a lot of emails and large data volumes… with integrity, trustworthiness, and effectiveness, including the chain of custody for all the evidence we collect.”

Karstein Haukås, Senior Advisor
Karstein Haukås Senior Advisor, Norwegian Competition Authority

Frequently asked questions

  • How many DPE processing engines can be configured with FTK Lab?

    Increasing the processing power of FTK Lab is easily achieved with additional hardware.  With its centralized processing farm infrastructure, you can configure FTK Lab with up to 16 Distributed Processing Engines (DPE) per Distributed Processing Manager (DPM).  We recommend starting with 6-8 DPEs when you first implement FTK Lab. 

    For more information about FTK Lab configuration, reference the System Specification Guide.

  • Can FTK Lab accommodate users inside and outside my organization?

    Yes!  FTK Lab can be configured behind your firewall for inter-agency review teams to work together on cases.  And its web-based review infrastructure can also securely allow for outside investigators or attorneys from other jurisdictions and agencies to participate in the review process, regardless of their location.

  • Can FTK Lab be deployed in the cloud?

    FTK Lab can be easily deployed in a cloud environment like AWS or Azure to scale your infrastructure, control costs, and save on hardware. You can host FTK Lab in your own private cloud environment for full control over your hardware configuration, or host with a third party provider and simply bring your FTK Lab licenses with you and scale up or down as needed depending on case sizes. Another possible benefit is that a cloud setup can often be purchased out of an operating budget instead of a capital budget. Bottom line: many of our FTK Lab customers successfully use a cloud configuration and have achieved extraordinary processing speeds and cross-agency collaboration milestones.

  • What kinds of user permissions can be set in FTK Lab?

    FTK Lab’s roles and permissions can allow each user to access only the features and data that are relevant to their part of the investigation. Administrators can assign users to a specific case or set of data within a case.  Users can even be restricted by feature, so only qualified users can access more advanced functions.  

    Dividing the evidence creates a more efficient and secure workflow, so you can bring in non-technical users without worrying about the data being compromised. With the web-based, true native review system, non-technical users (such as attorneys, HR personnel, outside experts, etc.) can be given case file access, regardless of where they’re located.

  • Does FTK Lab work with the newest Smart View interface?

    Yes, FTK Lab offers both the traditional Core View UI and the new Smart View interface for users of all skill levels.  For example, newer or less technical users can work in the Smart View and collaborate with an investigator back in the lab who's still using Core View.  They can work in the same case file together and both see each other’s changes because the case files are centralized and the interface is simply a personal preference for each user.

  • What types of digital devices can FTK Lab collect data from?

    Create full-disk forensic images and process a wide range of data types from many sources, including Windows and Linux hard drives, CD’s and DVDs, thumb drives or other USB devices, network data and Internet storage, all in a centralized, secure database.  

    You can also optionally include FTK Central in your FTK Lab environment to add remote endpoint and cloud data source collection capabilities.

Ready to Learn More?

 Talk with an FTK Lab expert about your current workflow

A group of police officers standing on a street A group of police officers standing on a street

7TB of Data

Processed with 11 DPE’s

1 hour 40 mins

Basic Processing

11 hours, 44 mins

Processed with Indexing

National Police Agency Becomes a Processing Powerhouse with FTK® Lab

Some cases produce such massive amounts of data that they overwhelm existing equipment. One European police agency was able to produce astounding processing and indexing results with their distributed setup of FTK Lab. The agency configured one Distributed Processing Manager (DPM) to manage 11 Distributed Processing Engines (DPEs), thus distributing the processing power across 11 pieces of hardware for lightning-fast results. 

 “FTK Lab has gone through the data like a wildfire and we are very happy about it.” 

Martin Kilchoer, Digital Crimes Investigation Unit


Learn How FTK Lab Can Power Your Large-Scale Forensic Investigations

Product Briefs

FTK Lab Product Brief

Digital forensics units throughout the world are inundated with ever-growing caseloads and increasingly massive data sets. FTK Lab helps forensics labs gain control over their caseload by enabling examiners to work cases faster and more efficiently


White Papers

Divide & Conquer with FTK Lab

Learn how scalable processing and collaboration can help computer forensics labs across the United States and around the world deal with their ever-growing caseloads. 

Ready to get started?

Learn how to divide and conquer massive data sets with FTK Lab

Request a demo