Digital Forensics

Fortifying the Forensics Toolkit (FTK) Portfolio with Exterro Infrastructure

April 29, 2021

The following is the sixth post in a new blog series from Exterro CEO Bobby Balachandran, where he shares his thoughts on the issues legal leaders care about and his vision for addressing them. Read Bobby's last blog here.

One of the primary reasons Exterro sought to acquire AccessData was the capabilities and depth of their flagship point solution, the Forensics Toolkit (FTK®). We were also struck by how well those capabilities fit into our own plans for the entire Exterro software platform. As we’ve fortified our platform offerings quite a bit over the last couple of years across e-discovery, data privacy, digital forensic investigations and cybersecurity compliance, we have just begun to scratch the surface when it comes to taking our platform to the next level with FTK and making FTK even more powerful through Exterro AI.

So far, we have been delighted to see how the two technologies interact to create better outcomes for our customers. As part of our commitment to the FTK portfolio and to the global forensics community, we’ve been investing massive resources into reimagining this technology to accelerate the investigative process and maximize outcomes in ways that we could only dream about before.

In short, we are not only working to modernize FTK, but to reshape it with the robust features users have been asking for, while injecting powerful new technology to deliver the future of forensics within the tool you know and trust.

In this blog, we’ll cover a few ways that Exterro has already amplified FTK, and what we plan to continue to develop over the course of the next several months. First, let’s take a look at the latest FTK Enterprise improvements:

The Latest FTK and Enterprise 7.4.2 Updates

The latest release of Enterprise (7.4.2) launched a couple of months ago, and now allows users to collect data from remote endpoints outside the corporate network as well as the cloud. Of course, where and how we work has changed forever: Endpoints are no longer in a physical office and people are working from home and often not connected to the VPN/company network. Data is also increasingly being stored in online/cloud collaboration tools like Google Drive and Microsoft Teams, yet organizations still need to be able to respond effectively to a data breach or perform an internal data collection. The release of 7.4.2 makes FTK Enterprise the first forensic investigation tool that can perform off-network endpoint collection and collect from the most popular online/cloud data sources.

In addition, FTK 7.4.2 eliminates the need to manually sift through the Windows OS registry files so you can narrow your search down to the most relevant system data, effectively giving you a head start on your investigation. The Enhanced Windows System Information tab presents Windows OS system data in an easy-to-read, reportable format.

As Windows 10 captures the timeline of actions and geolocations of the user, FTK can now parse those registry files for you. This allows you to quickly see an overview of every application a user opened, what processes were running, the user’s physical location and the exact time this activity occurred. FTK can show you if any data was uploaded, downloaded or exfiltrated, as well as what networks the machine was connected to, when it was connected and for how long—which can help pinpoint the user’s location, such as home, office, hotel or public Wi-Fi.

FTK helps users follow the timeline of the user’s actions and clicks as they run applications and view files—almost as if you were sitting over their shoulder and watching them as they were doing it. Anything the latest Windows OS can store, FTK can now parse.

Now, here’s what we have in mind for the next several months:

Harnessing AI for FTK

We have begun to bring leading-edge artificial intelligence (AI) technology to FTK, helping to transform the investigative environment and empowering you with pioneering tools that accelerate your access to evidence and surface more relevant findings when you are processing and analyzing data. Our goal is to help users quickly understand connections that could sharpen the focus and direction of the investigation. This is something we are particularly good at: We have mastered AI over the past five years and we have successfully launched multiple AI-driven products that have been battle-tested. We have the resources, experience and expertise to bring this technology to FTK and are excited to incorporate it into forensic evidence processing and review.

A New ‘Smart Investigator’

We have already made terrific progress in development plans for our next-generation review solution, to be fully integrated with FTK, which leverages AI technology from Exterro. The “Smart Investigator” will be your virtual investigative partner to help guide the investigation and reveal contextual insights across data at the earliest possible stage—uncovering immediate insight, shortening the time it takes to solve a case and cutting the extraneous data out so you can spend your valuable time on the investigation itself.

Web-Based Review Improvements

We are also about to launch the newest member of the FTK family, FTK Central. This is a web-based review tool built on the latest and greatest web framework optimized for speed, performance and usability. FTK Central is custom-built for forensics, post-breach or forensic legal review. So whether you’re a forensic investigator, an incident responder or a legal reviewer, you can come to FTK Central as your holistic review platform. As a web-based solution, it is perfect for those working outside of a corporate environment, in a large lab or for service providers. There will be no large infrastructure requirements; once it is installed on one machine, anyone can use it from their own device, including mobile.

Processing More Effectively with Macs

We already have the fastest, most scalable and most robust processing engine on the market, but we are making significant investments in it for material improvement. We will be coming out with Mac enhancements (e.g., support for FileVault 2 decryption). As you know, we already did this with the System Summary for Windows, and we will do the same for Mac to ensure you’re able to stay ahead of the curve during an investigation and get the most relevant data—whether it comes from a Mac or Windows OS.

Internet Data Support & Mobile Parsing

We’re also adding support for all Chromium-based browsers (e.g., Microsoft Edge). No matter which browser is being used on a system, users will be able to bring it in and look at it. Look for new developments in mobile parsing as well! We’ll also be supporting GrayKey imports and, as you know, we already support UFDR and XRY.

As I said, these initiatives barely scratch the surface of our plans! It is our mission and commitment to deliver the best products, experience and support in the industry—and to be the forensic industry benchmark for operational excellence. In making these improvements, we feel we’re on the right track to being a trustworthy partner in which corporate legal departments, law enforcement agencies, and other organizations can place their confidence.
