Skip to content

Automate Forensic Workflows with FTK Connect

Quickly and easily automate the power and speed of Exterro’s industry-leading FTK solutions to eliminate wasted time while performing forensic investigations and incident response workflows.

Customers worldwide trust Exterro to simplify their forensic workflows.

West Midlands Police Logo

Create powerful time-and money-saving automations without complicated scripting.

FTK Connect enables corporations and law enforcement agencies to easily automate and accelerate key processes and tasks within DFIR investigations. With its dramatically simplified drag and drop interface, FTK Connect empowers users of all skill levels to save time by simplifying their workflows.

  • Clear Backlogs

    FTK Connect automations get evidence into the hands of forensic examiners faster, so they can close more cases and reduce case backlogs.

  • Preserve Evidence

    Integrate with intrusion detection software to automate the immediate collection of remote endpoint evidence from the first moments a cybersecurity incident is detected.

  • Be Instantly Productive

    Built for non-programmers, FTK Connect allows users to easily create automations for any case type with a familiar drag-and-drop interface – no API or Python scripting language needed!

Eliminate manual tasks with forensic workflow automation. 

Let FTK Connect handle the mundane tasks, saving investigators’ time for what they do best: forensic analysis and review.  Automate tasks like case creation and evidence processing, as well as next steps like searching and labeling results, exporting data, and more – all without any user interaction.

For full details on compatibility, visit our FAQ section.

Unite FTK solutions with SIEM and SOAR platforms with automated evidence collection.

Orchestrate your incident response workflow by integrating with your cybersecurity tools. Instantly collect and preserve electronic evidence upon detection of an intrusion. FTK Connect can automate collection from remote endpoints based on triggers from solutions like Palo Alto Networks Cortex XSOAR.

Process evidence files instantly with watch folder automation.

Eliminate time spent waiting for jobs to be completed and get cases to examiners in half the time by using FTK Connect to automate case creation and evidence processing.  Law enforcement agencies can configure FTK Connect to watch file directories and automatically process any forensic image placed there, then search the case for preconfigured search terms, apply labels or bookmarks, and export the resulting files.

Additional Automation Capabilities

  • Create Custom Workflows

    Leverage FTK Connect to build your own workflows or integrations with cybersecurity platforms, case management systems, e-discovery applications, and other third-party software tools that can call a restful API.

  • Automated Notifications

    Keep expert examiners focused. Stay informed of case progress with automated processing status updates that notify users via text message or email when an automation is complete.

  • Maximize Resources

    Keep FTK working after hours with automation. Make better use of your existing hardware and software investments by using them outside of normal work hours. 

  • ISO Compliance

    Reduce the chance for errors and increase defensibility by minimizing human  handling of digital evidence. Consistent, reliable automation helps maintain compliance with ISO Accreditation Standards 27037, 17020, and 17025.

Ready to get started?

See our automated forensic workflow solutions in action. 

The most innovative companies in digital forensics partner with Exterro.

Orchestrate FTK Connect with SIEM and SOAR platforms to investigate the root cause of a data breach and save precious time in the initial stages of incident response. 

Palo Alto Networks Logo

“Scheduling the automation makes use of 16 hours of previously wasted time, from the time an investigator leaves work to when they arrive the next morning.” 

John Price Detective Sergeant, West Midlands Police, UK

Frequently asked questions

  • Which FTK solutions are compatible with FTK Connect?

    FTK Connect For Law Enforcement seamlessly integrates with the standalone version of the FTK Forensic Toolkit.  You can purchase it here.

    For FTK Lab, FTK Enterprise, and FTK Central customers, the full-featured version of FTK Connect includes additional automation workflows for incident response and internal investigations, plus the ability to integrate with other third-party platforms.

  • What tasks or workflows can you automate with FTK Connect?

    FTK Connect can automate case creation, evidence processing, keyword searching, tagging, and exporting.  The full-featured version of FTK Connect, specifically, can also automate (remote) imaging and collection, either manually, scheduled, or triggered by a third party platform.

  • What kind of scripting languages can you use to create FTK Connect automations?

    In addition to the drag-and-drop workflow interface, experienced programmers can also write custom Python scripts for the FTK Connect API.  The API can integrate and connect FTK® products with cybersecurity platforms, case management systems, e-discovery applications, and other third-party software tools that have an ability to call a restful API.

    For example, with the FTK Connect API configured, you can program FTK Enterprise or FTK Central to automatically run an endpoint collection or a memory and volatile data collection upon detection of a breach by the linked cybersecurity tool.  This allows you to capture critical endpoint evidence immediately, before it’s deleted or modified, especially if the attack occurs in the off-hours and no one is at work to see or hear the cybersecurity tool alert.

  • What kinds of Collection workflows can be automated for incident response?

    You can collect either a full-disk image or volatile data from a remote endpoint with FTK Connect automation. For example, after an internal incident is detected, FTK Connect can use an automated playbook to trigger FTK Enterprise or FTK Central to initiate collection from the affected endpoint.  

    However, if you only collect a disk image after an incident has occurred, you may be unable to analyze information cached in memory, depending on the actions of the endpoint user.  So by performing an automated memory dump, you can proceed with the investigation and recovery of saved passwords, open network connections, or recover an entire webpage, which may only be stored in memory, such as a page viewed in Chrome Incognito.

    The benefit of automating a memory collection from a compromised endpoint is that the analysis can take place covertly, without alerting the suspected individual. 

Featured Workflow Automation Resources

Learn Exterro can help your organization automate investigative workflows.

Product Briefs

FTK® Connect Product Brief

Learn how you can take your digital forensics and incident response to the next level by connecting FTK to your cybersecurity platform with FTK Connect.

White Papers

The Next Generation of Digital Forensics

Download this Exterro quick guide to learn about new digital forensics technology that's transforming how law enforcement professionals investigate cases.

Product Briefs

FTK® Connect Automation for Law Enforcement - Product Brief

FTK Connect for Law Enforcement helps digital forensic investigators power through case backlogs and accelerate forensic investigations by automating FTK workflows. Eliminate time spent waiting for jobs to be completed and get cases to examiners in half the time by using FTK Connect to automate case creation and evidence processing, then informing investigators when their jobs are finished.

Ready to get started?

See our automated forensic workflow solutions in action. 

Get a Demo