Exterro upgrades FTK Connect to enhance digital forensic and incident response automation
Exterro released an upgraded FTK Connect digital forensic tool that adds new automation, orchestration and integration capabilities to Exterro’s platform.
FTK Connect automation enables both corporations to streamline their incident response or breach investigations, and law enforcement and public sector customers to accelerate forensic evidence processing and review in criminal cases. The launch exemplifies Exterro’s ongoing investment in the FTK product line as it plans a future IPO and underscores the company’s commitment to the digital forensics and incident response market.
In 2021, businesses suffered 50% more cyberattacks per week than the previous year and corporations around the globe expect an increase in attempted breaches. But if their forensic tools are not directly integrated with their cyber intrusion tools they risk being unable to preserve the evidence needed to remediate the attack. FTK Connect supports incident response requirements by combining new automation capabilities with the power and speed of Exterro’s FTK solutions in performing forensic investigations, incident response workflows, and securing corporate assets.
Additionally, FTK Connect allows SIEM and SOAR platforms like Splunk and Palo Alto Networks to be automatically integrated with FTK forensic products to instantly preserve evidence upon detection of an intrusion, with no human interaction needed. It also features a dramatically simplified drag and drop user interface (UI) that is specifically designed to allow non-programmers to easily create automations for any case type.
Public sector
For public sector agencies, FTK Connect provides a much-needed automation solution that overcomes many of the challenges they face today. Some of these challenges include case backlogs that exist due to diminished tech budgets, lack of investigator training, and the enormous amounts of data that need to be processed.
Essentially, the costs of outfitting a forensic lab with state-of-the-art technology and highly trained examiners are out of reach for most agencies. Thus, forensic evidence examinations become delayed after the imaging of a drive or collection of evidence because they rely on the availability of trained examiners to perform the next steps. Due to these circumstances and budgetary reasons, agencies are more frequently using non-technical reviewers who lack any training in forensics or forensic software but who need to prepare cases for review by a forensic expert. As a result, investigation close rates continue to lag severely.
“By utilising FTK Connect automation, law enforcement agencies can perform forensic workflows much faster and make better use of their existing hardware and software investments by putting them to use when users aren’t there,” said Harsh Behl, director of product management at Exterro. “Scheduling the automation outside office hours utilises the 16 hours of the day from the time when an investigator leaves work to when they arrive the next morning, which were previously wasted. Law enforcement agencies utilising FTK Lab or FTK Central with FTK Connect will be able to close more cases in less time.”
The FTK Connect enhancements resulted from Exterro’s close partnerships with prominent customers in the US, UK, and Europe. The wealth of experience and market insights from these customers have helped Exterro build a tool that creates efficiencies and covers the major gaps that exist within other forensic solutions.
New features and functionality of FTK Connect
Create automations with unprecedented ease: Built for non-programmers, the intuitive interface allows users to easily create automations for any case type with a drag and drop interface. Be instantly productive with minimal training.
Automated processing and review: Law enforcement agencies can configure FTK Connect to watch directories and automatically process any forensic image placed there, then automatically search cases for preconfigured search terms, apply labels or bookmarks, and export the resulting files.
Unite SIEM & SOAR with forensic investigations: Orchestrate forensic collection workflow by integrating internal cyber infrastructure tools together. Instantly preserve electronic evidence upon detection of an intrusion. FTK Connect can automate collection from remote endpoints based on triggers from solutions like Splunk SOAR and Palo Alto SOAR.
Custom workflows: Leverage the FTK Connect APIs to build custom workflows or integrations that fit the organisation’s exact needs and specifications.
ISO Accreditation: FTK Connect automation helps minimise human interaction during the handling of digital evidence, thus reducing the chance for errors and ensuring their compliance with/adherence to ISO Accreditation Standards such as ISO 27037, or ISOs 17020 and 17025.
Compatibility: FTK Connect seamlessly integrates with FTK Lab, FTK Enterprise, and FTK Central bringing unrivaled speed, power, and security to forensic workflows.