Exterro adds advanced capabilities to digital forensic tool
Exterro has announced the release of its upgraded FTK Connect digital forensic tool that adds new automation, orchestration and integration capabilities to Exterro's platform.
FTK Connect automation enables both corporations to streamline incident response or breach investigations, and law enforcement and public sector customers to accelerate forensic evidence processing and review in criminal cases.
According to the company, the launch is in-line with Exterro's ongoing investment in the FTK product line as it plans a future IPO and underscores the company's commitment to the digital forensics and incident response market.
In 2021, businesses suffered 50% more cyber attacks per week than the previous year and corporations around the globe expect an increase in attempted breaches.
However, according to Exterro, if their forensic tools are not directly integrated with their cyber intrusion tools they risk being unable to preserve the evidence needed to remediate the attack.
FTK Connect supports incident response requirements by combining new automation capabilities with the power and speed of Exterro's FTK solutions in performing forensic investigations, incident response workflows and securing corporate assets.
Additionally, FTK Connect allows SIEM and SOAR platforms such as Splunk and Palo Alto Networks to be automatically integrated with FTK forensic products to instantly preserve evidence upon detection of an intrusion, with no human interaction needed.
It also features a simplified drag and drop user interface (UI) that is specifically designed to allow non-programmers to create automations for any case type.
For public sector agencies, FTK Connect provides an automation solution that overcomes many of the challenges they are facing, according to the company.
Some of these challenges include case backlogs that exist due to diminished tech budgets, lack of investigator training and the large amounts of data that need to be processed.
According to Exterro, essentially, the costs of outfitting a forensic lab with state-of-the-art technology and highly trained examiners are out of reach for most agencies. Therefore, forensic evidence examinations become delayed after the imaging of a drive or collection of evidence because they rely on the availability of trained examiners to perform the next steps.
Due to these circumstances and budgetary reasons, agencies are more frequently using non-technical reviewers who lack any training in forensics or forensic software but who need to prepare cases for review by a forensic expert. As a result, investigation close rates continue to lag severely, the company states.
Exterro director of product management Harsh Behl says, "By utilising FTK Connect automation, law enforcement agencies can perform forensic workflows much faster and make better use of their existing hardware and software investments by putting them to use when users aren't there.
"Scheduling the automation outside office hours utilises the 16 hours of the day from the time when an investigator leaves work to when they arrive the next morning, which were previously wasted. Law enforcement agencies utilising FTK Lab or FTK Central with FTK Connect will be able to close more cases in less time."
The FTK Connect enhancements resulted from Exterro's close partnerships with prominent customers in the US, UK and Europe. The experience and market insights from these customers helped Exterro build a tool that creates efficiencies and covers the major gaps that exist within other forensic solutions, the company states.
New features and functionality of FTK Connect include the following:
Create automations with greater ease: Built for non-programmers, the intuitive interface allows users to easily create automations for any case type with a drag and drop interface. Be instantly productive with minimal training.
Automated processing and review: Law enforcement agencies can configure FTK Connect to watch directories and automatically process any forensic image placed there, then automatically search cases for preconfigured search terms, apply labels or bookmarks, and export the resulting files.
Unite SIEM - SOAR with forensic investigations: Orchestrate forensic collection workflow by integrating internal cyber infrastructure tools together. Instantly preserve electronic evidence upon detection of an intrusion. FTK Connect can automate collection from remote endpoints based on triggers from solutions like Splunk SOAR and Palo Alto SOAR.
Custom workflows: Leverage the FTK Connect APIs to build custom workflows or integrations that fit the organisations exact needs and specifications.
ISO accreditation: FTK Connect automation helps minimise human interaction during the handling of digital evidence, thus reducing the chance for errors and ensuring their compliance with/adherence to ISO Accreditation Standards such as ISO 27037, or ISOs 17020 and 17025.
Compatibility: FTK Connect seamlessly integrates with FTK Lab, FTK Enterprise, and FTK Central bringing unrivalled speed, power, and security to forensic workflows.