The following is the sixth post in a new blog series from Exterro CEO Bobby Balachandran, where he shares his thoughts on the issues legal leaders care about and his vision for addressing them. Read Bobby's last blog here.
One of the primary reasons Exterro sought to acquire AccessData was
the capabilities and depth of their flagship point solution, the
Forensics Toolkit (FTK®). We were also struck by how well those
capabilities fit into our own plans for the entire Exterro software
platform. As we’ve fortified our platform offerings quite a bit over the
last couple of years across e-discovery, data privacy, digital forensic
investigations and cybersecurity compliance, we have just begun to
scratch the surface when it comes to taking our platform to the next
level with FTK and making FTK even more powerful through Exterro AI.
So far, we have been delighted to see how the two technologies interact to
create better outcomes for our customers. As part of our commitment to
the FTK portfolio and to the global forensics community, we’ve been
investing massive resources into reimagining this technology to
accelerate the investigative process and maximize outcomes in ways that
we could only dream about before.
In short, we are not only working to modernize
FTK, but to reshape it with the robust features users have been
asking for, while injecting powerful new technology to deliver the
future of forensics within the tool you know and trust.
In this blog, we’ll cover a few ways that Exterro has already amplified FTK, and what we plan to continue to develop over the course of the next several months. First, let’s take a look at the latest FTK Enterprise improvements:
The Latest FTK and Enterprise 7.4.2 Updates
The latest release of Enterprise (7.4.2) launched a couple of months ago, and now allows users to collect data from remote endpoints outside the corporate network as well as the cloud. Of course, where and how we work has changed forever: Endpoints are no longer in a physical office and people are working from home and often not connected to the VPN/company network. Data is also increasingly being stored in online/cloud collaboration tools like Google Drive and Microsoft Teams, yet organizations still need to be able to respond effectively to a data breach or perform an internal data collection. The release of 7.4.2 makes FTK Enterprise the first forensic investigation tool that can perform off-network endpoint collection and collect from the most popular online/cloud data sources.
In addition, FTK 7.4.2 eliminates the need to manually sift through the
Windows OS registry files so you can narrow your search down to the most
relevant system data, effectively giving you a head start on your
investigation. The Enhanced Windows System Information tab presents Windows OS system data in an easy-to-read, reportable format.
As Windows 10 captures the timeline of actions and geolocations of the
user, FTK can now parse those registry files for you. This allows you to
quickly see an overview of every application a user opened, what
processes were running, the user’s physical location and the exact time
this activity occurred. FTK can show you if any data was uploaded,
downloaded or exfiltrated, as well as what networks the machine
was connected to, when it was connected and for how long—which can help
pinpoint the user’s location, such as home, office, hotel or public
FTK helps users follow the timeline of the
user’s actions and clicks as they run applications and view files—almost
as if you were sitting over their shoulder and watching them as they
were doing it. Anything the latest Windows OS can store, FTK can now
Now, here’s what we have in mind for the next several months:
Harnessing AI for FTK
We have begun to bring
leading-edge artificial intelligence (AI) technology to FTK, helping to
transform the investigative environment and empowering you with
pioneering tools that accelerate your access to evidence and surface
more relevant findings when you are processing and analyzing data. Our
goal is to help users quickly understand connections that could sharpen
the focus and direction of the investigation. This is something we are
particularly good at: We have mastered AI over the past five years and
we have successfully launched multiple AI-driven products that have been
battle-tested. We have the resources, experience and expertise to bring
this technology to FTK and are excited to incorporate it into forensic
evidence processing and review.
A New ‘Smart Investigator’
We have already
made terrific progress in development plans for our next-generation
review solution, to be fully integrated with FTK, which leverages AI
technology from Exterro. The “Smart Investigator” will be your virtual
investigative partner to help guide the investigation and reveal
contextual insights across data at the earliest possible
stage—uncovering immediate insight, shortening the time it takes to
solve a case and cutting the extraneous data out so you can spend your
valuable time on the investigation itself.
Web-Based Review Improvements
We are also
about to launch the newest member of the FTK family, FTK Central. This
is a web-based review tool built on the latest and greatest web
framework optimized for speed, performance and usability. FTK Central is
custom-built for forensics, post-breach or forensic legal review. So
whether you’re a forensic investigator, an incident responder or a legal
reviewer, you can come to FTK Central as your holistic review platform.
As a web-based solution, it is perfect for those working outside of a
corporate environment, in a large lab or for service providers. There
will be no large infrastructure requirements; once it is installed on
one machine, anyone can use it from their own device, including mobile.
Processing More Effectively with Macs
We already have the fastest, most scalable and most robust processing
engine on the market, but we are making significant investments in it
for material improvement. We will be coming out with Mac enhancements
(e.g., support for FileVault 2 decryption). As you know, we already did
this with the System Summary for Windows, and we will do the same for
Mac to ensure you’re able to stay ahead of the curve during an
investigation and get the most relevant data—whether it comes from a Mac
or Windows OS.
Internet Data Support & Mobile Parsing
We are also adding support for all Chromium-based browsers (e.g., Microsoft
Edge). No matter which browser is being used on a system, users will be
able to bring it in and look at it. Look for new developments in mobile
parsing as well! We’ll also be supporting GrayKey imports and, as you
know, we already support UFDR and XRY.
As I said, these initiatives barely scratch the surface of our plans! It is our mission and commitment to deliver the best products, experience and support in the industry—and to be the forensic industry benchmark for operational excellence. In making these improvements, we feel we’re on the right track to being a trustworthy partner in which corporate legal departments, law enforcement agencies, and other organizations can place their confidence.