FTK

Capabilities

Exterro FTK Core Capabilities

Designed for forensic and security investigators, FTK streamlines evidence processing and analysis to shorten investigation time, highlight relevant artifacts, and help investigators reach documented, defensible conclusions.

Centralized Case Management

A shared evidence repository with role-based access controls, case orchestration, processing pipelines, and complete audit trails, keeping investigations organized, secure, and defensible at scale.

Remote Endpoint Preview & Collection

Secure remote preview and live acquisition from Windows, macOS, and Linux endpoints, enabling investigators to assess systems in place and collect only what is needed without disrupting operations.

In-field Triage & Targeted Capture

Advanced triage capabilities allow investigators to preview artifacts, access encrypted volumes with proper credentials, and perform selective or full collections, enabling faster decisions during the early stages of an incident.

Forensically Sound Acquisition

Full-disk and targeted acquisitions with cryptographic hashing, metadata preservation, and verification at the point of collection, supporting both lab and in-field scenarios.

Incident Response Automation & SOAR Integrations

Integrates with SIEM and SOAR tools to automate evidence capture when alerts fire, preserving volatile data and delivering review-ready evidence fast, reducing response time from days to hours.

AI-driven Forensic Review

Exterro Intelligence uses privacy-first AI to power semantic search, summarization, artifact correlation, and anomaly detection, to surface evidence faster, cut noise, retaining full, human-verifiable auditability.

suite portfolio

From individual cases to enterprise investigations.

The Exterro FTK portfolio scales from individual examiners to enterprise-wide investigations, providing consistent workflows and defensible outcomes without forcing teams to retool as complexity grows.

Modular Add On Capabilities for FTK Central

Our Technologies

How digital forensics is enhamced with our technology capablities.

Together, these capabilities shift digital forensics from reactive case handling to proactive, intelligence-driven investigation, helping teams respond faster, reduce downstream risk, and strengthen defensibility.

Exterro Intelligence

Agentic AI for smarter, faster, and more defensible decisions across every workflow.

Deep Data Insight

Understand what data you hold, where it is, who has access to it, and then act on it as needed.

Data Connectors

Integrate 190+ enterprise systems to create end-to-end visibility and the transparency needed to control data risk.

Designed to seamlessly fit into your existing ecosystem.

Together, these capabilities shift digital forensics from reactive case handling to proactive, intelligence-driven investigation, helping teams respond faster, reduce downstream risk, and strengthen defensibility.

SIEM & SOAR integrations (FTK Connect)

Native integration with platforms such as Splunk SOAR and Cortex XSOAR enables automated, incident-triggered evidence collection and preservation.

Evidence & analysis tools

Import mobile and third-party forensic outputs (e.g., UFDR from Cellebrite, Griffeye CSV grading) into FTK Central for unified review.

Case management & ticketing

Integrate with ServiceNow, Jira, and other systems through FTK Connect APIs to align investigations with enterprise workflows.

Cloud & SaaS connectors

Collect evidence from supported collaboration and cloud services using dedicated connectors that preserve structure, metadata, and context.

What sets FTK apart?

Proven Forensics at Enterprise Scale

Deep forensic analysis that scales to enterprise data volumes, without sacrificing rigor or defensibility.

Centralized Control Without Centralized Bottlenecks

A single system of record for visibility, access, and audit, while investigations run where they work best.

Seamless Evidence Movement Across the Organization

Securely share and collaborate on evidence without copying data or breaking chain of custody.

Built for Real Investigations, Not Just Labs

One connected workflow from intake to outcome, reducing rework, silos, and risk.

Why Stop at Digital Forensics?

Unlock the full power of the Exterro platform.

Exterro brings digital forensics together in a single FTK-driven investigation workflow. But the real advantage shows up when those forensic capabilities are connected to the broader Exterro Platform, so investigations move faster, scale better, and actually hold up under scrutiny.

Learn More

Deep Data Visibility Across Legal, Privacy & Security

Seamlessly manage everything from litigation and investigations to regulatory compliance in one place.

One Platform, No Silos

Move beyond point tools and fragmented workflows. Exterro eliminates duplicate work, improves collaboration, and reduces risk exposure, especially when time and defensibility are critical.

I can definitely recommend FTK….it’s one tool in my portfolio, but it is a very very useful one.

Frank Pingaro

Regional Information Security Officer, Carl Zeiss AG

Having an all in one solution helped us in streamlining, gaining speed and efficiency and reducing the errors.

Lorenzo Dima

Senior Digital Forensic Specialist, BIT4LAW

We don’t waste our time going through other documents that are not relevant to our case and go straight to the important elements.

Adam Mesbahi

Manager of Forensic Investigations and Litigation Services, Mazars

I show them how to search, how to bookmark, and how to build a strong case. I can get them up and running in half a day.

Karstein Haukås

Senior Advisor, Norwegian Competition Authority

If you don’t change, you don’t innovate, you will be stuck dealing with old storage media and the risks around that.

John Price

Detective Sergeant, West Midlands Police