
The following is the sixth post in a new blog series from Exterro CEO Bobby Balachandran, where he shares his thoughts on the issues legal leaders care about and his vision for addressing them. Read Bobby's last blog.
One of the primary reasons Exterro sought to acquire AccessData was the capabilities and depth of their flagship point solution, the Forensics Toolkit (FTK®). We were also struck by how well those capabilities fit into our own plans for the entire Exterro software platform. As we’ve fortified our platform offerings quite a bit over the last couple of years across e-discovery, data privacy, digital forensic investigations and cybersecurity compliance, we have just begun to scratch the surface when it comes to taking our platform to the next level with FTK and making FTK even more powerful through Exterro AI.
So far, we have been delighted to see how the two technologies interact to create better outcomes for our customers. As part of our commitment to the FTK portfolio and to the global forensics community, we’ve been investing massive resources into reimagining this technology to accelerate the investigative process and maximize outcomes in ways that we could only dream about before.
In short, we are not only working to modernize FTK, but to reshape it with the robust features users have been asking for, while injecting powerful new technology to deliver the future of forensics within the tool you know and trust.
In this blog, we’ll cover a few ways that Exterro has already amplified FTK, and what we plan to continue to develop over the course of the next several months. First, let’s take a look at the latest FTK Enterprise improvements:
The Latest FTK and Enterprise 7.4.2 Updates
The latest release of Enterprise (7.4.2) launched a couple of months ago, and now allows users to collect data from remote endpoints outside the corporate network as well as the cloud. Of course, where and how we work has changed forever: Endpoints are no longer in a physical office and people are working from home and often not connected to the VPN/company network. Data is also increasingly being stored in online/cloud collaboration tools like Google Drive and Microsoft Teams, yet organizations still need to be able to respond effectively to a data breach or perform an internal data collection. The release of 7.4.2 makes FTK Enterprise the first forensic investigation tool that can perform off-network endpoint collection and collect from the most popular online/cloud data sources.
In addition, FTK 7.4.2 eliminates the need to manually sift through the Windows OS registry files so you can narrow your search down to the most relevant system data, effectively giving you a head start on your investigation. The Enhanced Windows System Information tab presents Windows OS system data in an easy-to-read, reportable format.
As Windows 10 captures the timeline of actions and geolocations of the user, FTK can now parse those registry files for you. This allows you to quickly see an overview of every application a user opened, what processes were running, the user’s physical location and the exact time this activity occurred. FTK can show you if any data was uploaded, downloaded or exfiltrated, as well as what networks the machine was connected to, when it was connected and for how long—which can help pinpoint the user’s location, such as home, office, hotel or public Wi-Fi. FTK helps users follow the timeline of the user’s actions and clicks as they run applications and view files—almost as if you were sitting over their shoulder and watching them as they were doing it. Anything the latest Windows OS can store, FTK can now parse.
Now, here’s what we have in mind for the next several months:
Harnessing AI for FTK
We have begun to bring leading-edge artificial intelligence (AI) technology to FTK, helping to transform the investigative environment and empowering you with pioneering tools that accelerate your access to evidence and surface more relevant findings when you are processing and analyzing data. Our goal is to help users quickly understand connections that could sharpen the focus and direction of the investigation. This is something we are particularly good at: We have mastered AI over the past five years and we have successfully launched multiple AI-driven products that have been battle-tested. We have the resources, experience and expertise to bring this technology to FTK and are excited to incorporate it into forensic evidence processing and review.
A New ‘Smart Investigator’
We have already made terrific progress in development plans for our next-generation review solution, to be fully integrated with FTK, which leverages AI technology from Exterro. The “Smart Investigator” will be your virtual investigative partner to help guide the investigation and reveal contextual insights across data at the earliest possible stage—uncovering immediate insight, shortening the time it takes to solve a case and cutting the extraneous data out so you can spend your valuable time on the investigation itself.
Web-Based Review Improvements
We are also about to launch the newest member of the FTK family, FTK Central. This is a web-based review tool built on the latest and greatest web framework optimized for speed, performance and usability. FTK Central is custom-built for forensics, post-breach or forensic legal review. So whether you’re a forensic investigator, an incident responder or a legal reviewer, you can come to FTK Central as your holistic review platform. As a web-based solution, it is perfect for those working outside of a corporate environment, in a large lab or for service providers. There will be no large infrastructure requirements; once it is installed on one machine, anyone can use it from their own device, including mobile.
Processing More Effectively with Macs
We already have the fastest, most scalable and most robust processing engine on the market, but we are making significant investments in it for material improvement. We will be coming out with Mac enhancements (e.g., support for FileVault 2 decryption). As you know, we already did this with the System Summary for Windows, and we will do the same for Mac to ensure you’re able to stay ahead of the curve during an investigation and get the most relevant data—whether it comes from a Mac or Windows OS.
Internet Data Support & Mobile Parsing
We’re also adding support for all Chromium-based browsers (e.g., Microsoft Edge). No matter which browser is being used on a system, users will be able to bring it in and look at it. Look for new developments in mobile parsing as well! We’ll also be supporting GrayKey imports and, as you know, we already support UFDR and XRY.
As I said, these initiatives barely scratch the surface of our plans! It is our mission and commitment to deliver the best products, experience and support in the industry—and to be the forensic industry benchmark for operational excellence. In making these improvements, we feel we’re on the right track to being a trustworthy partner in which corporate legal departments, law enforcement agencies, and other organizations can place their confidence.