A Letter From The CEO Of Exterro: The FTK Roadmap And Our Exciting Path Forward

It has been a little over three weeks since we announced Exterro had acquired AccessData. In that time, our teams have been extremely busy with product planning and laying out an exciting path forward!

It is our intention to share these plans and to be completely open, transparent and collaborative. Over the coming weeks and months, we will lay out a series of regular roadmap communications to keep you informed of developments and key milestones along the way. We also want to hear from you! Your feedback is an integral part of our planning process, as everything we do centers on your success and satisfaction.

To launch our “behind the curtain” conversation, we want to share the significant investments we are making in FTK. Rest assured, FTK is and will remain the centerpiece of our forensics portfolio. We deeply appreciate that end-to-end chain of custody is of paramount importance. Throughout the innovation process, it remains our highest priority to ensure evidence is preserved in a forensically sound manner, ensuring the highest degree of data integrity.

We are firmly committed to the FTK portfolio and to the global forensics community, putting massive resources towards reimagining this technology to accelerate the investigative process and maximize outcomes in ways only previously dreamed possible.

We are not only working to modernize FTK,  but we will reshape it with the more robust features users have been asking for, while injecting powerful new technology to deliver the future of forensics within the tool you know and trust. A few examples:

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

The Power of Artificial Intelligence
We will bring leading-edge Artificial Intelligence (AI) technology to FTK, helping to transform the investigative environment, empowering you with pioneering tools so you can accelerate your access to evidence and surface more relevant findings when processing and analyzing data, understanding connections that could sharpen your focus and direction. Exterro has mastered AI over the past five years and we have successfully launched two AI-driven products that have been battle-tested. We have the resources, experience and expertise to bring this technology to FTK and are excited to incorporate it into forensic evidence processing and review.

Coming in the near-term:

Smart Investigator
We have already made terrific progress in development plans for next-gen review, to be fully integrated with FTK, which leverages the aforementioned Artificial Intelligence technology from Exterro. The “Smart Investigator” will be your virtual investigative partner to help guide the investigation, reveal contextual insights across data at the earliest possible stage, uncovering immediate insight, shortening the time it takes to solve a case and cutting the extraneous data out so you can spend your valuable time on the investigation itself.

Web-Based Review
We have been working on “FTK Central” in tight collaboration with our users for several months and are looking forward to the near-term launch. This is a web-based review tool built on the latest and greatest web framework optimized for speed, performance and usability and is custom-built for forensics, post-breach or legal review. So regardless if you are a forensic investigator, an incident responder or a legal reviewer, you can come to FTK Central as your holistic review platform. As a web-based solution, it is perfect for those working outside of a corporate environment, in a large lab or for service providers needing a web-based solution. There will be no large infrastructure requirements, as once it is installed on one machine, anyone can use it from their own device, including mobile.

FTK and Enterprise 7.4.2 – The upcoming release will offer the ability to collect data from remote endpoints outside of the corporate network, as well as allow users to collect data from sources in the cloud. Where and how we work has changed. Endpoints are no longer in a physical office and people are working from home, and often not connected to the VPN/company network.  Data is also increasingly being stored in online/cloud collaboration tools like Google Drive and Microsoft Teams, yet you need to continue to respond to a data breach or perform an internal data collection. The release of 7.4.2 makes FTK Enterprise the first forensic investigation tool that can perform off-network endpoint collection and collect from the most popular online/cloud data sources.

In addition, FTK 7.4.2 will eliminate the need to manually sift through the Windows OS registry files so you can narrow your search down to the most relevant system data, giving you a head start to your investigation. The Enhanced Windows System Information tab will present Windows OS system data in an easy to read, reportable format.

As Windows 10 captures the timeline of actions and geolocations of the user, FTK can now parse those registry files for you.  This allows you to quickly see an overview of every application the user opened, what processes were running, where the user was physically located, and at exactly what time this activity occurred.  FTK can show you if any data was uploaded, downloaded, or exfiltrated, as well as what networks the machine was connected to, when it was connected, and for how long, which can help to pinpoint the user’s location – home, office, hotel or public WiFi, etc.

FTK will help you follow the timeline of the user’s actions and clicks as they run applications and view files, almost as though you were sitting over their shoulder watching them as they were doing it.  Anything the latest Windows OS can store, FTK can now parse it.

Processing enhancements for Mac – We already have the fastest, most scalable and most robust processing engine on the market, but we are making great investments in it for material improvement. We will be coming out with Mac enhancements (e.g., support for FileVault 2 decryption). As you know, we did this with the System Summary for Windows, so we will do the same for Mac to make sure you always stay ahead of the curve in the investigation and get the most relevant data, whether it be Mac or Windows.

Internet data – We will add support for all Chromium-based browsers (e.g., Microsoft Edge) so that no matter what browser is being used on the suspect machine, you can bring it in and look at it.

Mobile parsing – Look for a great deal more mobile parsing! We will be supporting GrayKey very soon, to allow you to bring in GrayKey imports (as you know, we already support UFDR and XRY).

We hope you are as excited about these initiatives as we are, which only scratch the surface of our plans! We stand behind you stronger than ever and you have our commitment to deliver the best products, experience and support in the industry. It is our mission to be the forensic industry benchmark for operational excellence, providing you with a partner you can trust and in whom you have complete confidence.

Look for regular updates from me across all areas of our business and do not hesitate to reach out to your current representative with any questions or to schedule a more in-depth roadmap review.

Wishing you all the best in 2021 and to a bright future together!

Bobby Balachandran
Chief Executive Officer

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles