Exterro is proud to partner with global law enforcement agencies and regulators.
Scale up to a centralized investigative platform for large data sets, heavy case loads, or distributed case teams.
With FTK Lab you can unleash the power of distributed processing and multi-user collaborative review to get through more digital evidence in less time, allowing agencies to clear out case backlogs, indict sooner, and close cases faster.
More Processing Power
With virtually limitless scalability, an FTK Lab centralized processing farm with up to 16x distributed processing engine (DPE) capabilities can cut through large data sets in hours instead of days.
Be More Productive
FTK Lab’s intuitive interface design makes it easier for both experienced investigators and non-technical users to navigate within the software, allowing them to work together in the same centrally located case files with defined reviewer roles.
Find More Evidence
Eliminate hours spent manually digging for the data types you’re interested in. FTK Lab intelligently categorizes and displays the most data artifacts to help you pinpoint key evidence faster.
Become a processing powerhouse with scalable processing.
Produce astounding processing and indexing results with the distributed setup of FTK Lab. Process 7 TB of data with 11 DPEs in less than two hours, and process AFF4 Mac images 8x faster than the competition.
Empower distributed teams with centralized collaboration.
Perfect for computer forensics labs, FTK Lab’s centralized architecture and shared case database keep all parties on the same page, while fully securing electronic evidence at the case or file level. Non-technical users, such as attorneys and outside experts, can participate in the review process, regardless of their location.
Investigate mobile device evidence and review chat app data with Mobile Data Parsing.
Leverage FTK Lab’s powerful processing engine to parse computer and mobile data in a single database to find connections across data sources. FTK Lab supports native unprocessed UFD extractions from mobile devices provided by tools like Cellebrite, Oxygen, XRY or GrayKey. Review chat messages from apps like Twitter and WhatsApp, reconstructed in their near-native view to quickly interpret the conversation.
Optional Workflow Automation
Automate case creation and evidence processing, as well as next steps such as searching and labeling results, exporting data, and more, with FTK Connect for Law Enforcement – all without any user interaction or complicated scripting.
Multimedia Thumbnail Review
Hover over and click on thumbnails to easily inspect pictures of interest. FTK Lab provides context for every image by reconstructing the device user’s activity leading up to and following the creation of the image via built-in mini timelines.
Permissions allow each user to access only the data relevant to their part of the investigation. Dividing the evidence creates more efficient and secure workflows, so you can bring in non-technical users without worrying about compromising data.
Image Identification and Categorization
Use facial and object recognition to automatically locate images containing that same content. Help identify victims faster in CSAM investigations by analyzing and grading images and videos, then comparing them with collaborative hash databases like Project Vic and CAID UK.
Frequently asked questions
How many DPE processing engines can be configured with FTK Lab?
Increasing the processing power of FTK Lab is easily achieved with additional hardware. With its centralized processing farm infrastructure, you can configure FTK Lab with up to 16 Distributed Processing Engines (DPE) per Distributed Processing Manager (DPM). We recommend starting with 6-8 DPEs when you first implement FTK Lab.
For more information about FTK Lab configuration, reference the System Specification Guide.
Can FTK Lab accommodate users inside and outside my organization?
Yes! FTK Lab can be configured behind your firewall for inter-agency review teams to work together on cases. And its web-based review infrastructure can also securely allow for outside investigators or attorneys from other jurisdictions and agencies to participate in the review process, regardless of their location.
Can FTK Lab be deployed in the cloud?
FTK Lab can be easily deployed in a cloud environment like AWS or Azure to scale your infrastructure, control costs, and save on hardware. You can host FTK Lab in your own private cloud environment for full control over your hardware configuration, or host with a third party provider and simply bring your FTK Lab licenses with you and scale up or down as needed depending on case sizes. Another possible benefit is that a cloud setup can often be purchased out of an operating budget instead of a capital budget. Bottom line: many of our FTK Lab customers successfully use a cloud configuration and have achieved extraordinary processing speeds and cross-agency collaboration milestones.
What kinds of user permissions can be set in FTK Lab?
FTK Lab’s roles and permissions can allow each user to access only the features and data that are relevant to their part of the investigation. Administrators can assign users to a specific case or set of data within a case. Users can even be restricted by feature, so only qualified users can access more advanced functions.
Dividing the evidence creates a more efficient and secure workflow, so you can bring in non-technical users without worrying about the data being compromised. With the web-based, true native review system, non-technical users (such as attorneys, HR personnel, outside experts, etc.) can be given case file access, regardless of where they’re located.
Does FTK Lab work with the newest Smart View interface?
Yes, FTK Lab offers both the traditional Core View UI and the new Smart View interface for users of all skill levels. For example, newer or less technical users can work in the Smart View and collaborate with an investigator back in the lab who's still using Core View. They can work in the same case file together and both see each other’s changes because the case files are centralized and the interface is simply a personal preference for each user.
What types of digital devices can FTK Lab collect data from?
Create full-disk forensic images and process a wide range of data types from many sources, including Windows and Linux hard drives, CD’s and DVDs, thumb drives or other USB devices, network data and Internet storage, all in a centralized, secure database.
You can also optionally include FTK Central in your FTK Lab environment to add remote endpoint and cloud data source collection capabilities.
Ready to Learn More?
Talk with an FTK Lab expert about your current workflow
7TB of Data
Processed with 11 DPE’s
1 hour 40 mins
11 hours, 44 mins
Processed with Indexing
National Police Agency Becomes a Processing Powerhouse with FTK® Lab
Some cases produce such massive amounts of data that they overwhelm existing equipment. One European police agency was able to produce astounding processing and indexing results with their distributed setup of FTK Lab. The agency configured one Distributed Processing Manager (DPM) to manage 11 Distributed Processing Engines (DPEs), thus distributing the processing power across 11 pieces of hardware for lightning-fast results.
Learn How FTK Lab Can Power Your Large-Scale Forensic Investigations
Digital forensics units throughout the world are inundated with ever-growing caseloads and increasingly massive data sets. FTK Lab helps forensics labs gain control over their caseload by enabling examiners to work cases faster and more efficiently
Learn how scalable processing and collaboration can help computer forensics labs across the United States and around the world deal with their ever-growing caseloads.
Download this case study to learn how Exterro helped a European government agency shift to a remote forensic software solution.
Ready to get started?
Learn how to divide and conquer massive data sets with FTK LabRequest a demo