Exterro has released an updated FTK Connect digital forensics tool that adds new automation, orchestration and integration capabilities to Exterro’s platform.
Automation of FTK Connect enables both companies to streamline incident response or breach investigation, and law enforcement and public sector customers to accelerate the processing and review of forensic evidence in criminal cases. The launch exemplifies Exterro’s ongoing investment in the FTK product line as it plans a future IPO and underscores the company’s commitment to the digital forensics and incident response market.
In 2021, businesses experienced 50% more cyber attacks per week than the previous year, and businesses around the world are expecting an increase in hacking attempts. But if their forensic tools aren’t directly integrated with their cyber-intrusion tools, they risk not being able to preserve the evidence needed to remediate the attack. FTK Connect supports incident response requirements by combining new automation capabilities with the power and speed of Exterro’s FTK solutions in performing forensic investigations, incident response workflows, and protecting corporate assets.
Additionally, FTK Connect allows SIEM and SOAR platforms such as Splunk and Palo Alto Networks to be automatically integrated with FTK forensic products to instantly preserve evidence upon detection of an intrusion, without requiring human interaction. It also features a greatly simplified drag and drop user interface (UI), designed specifically to allow non-programmers to easily create automations for any type of case.
For public sector agencies, FTK Connect provides a much needed automation solution that overcomes many of the challenges they face today. Some of these challenges include backlog cases that exist due to dwindling technology budgets, a lack of investigator training, and the sheer amount of data that needs to be processed.
In essence, the costs of equipping a forensic lab with state-of-the-art technology and highly skilled examiners are out of reach for most agencies. Therefore, forensic evidence exams are delayed after imaging a guide or gathering evidence because they rely on the availability of qualified examiners to perform the next steps. Due to these circumstances and budgetary reasons, agencies more frequently use non-technical auditors who have no training in forensic or software forensics, but who need to prepare cases for review by a forensic expert. As a result, investigation closure rates continue to lag significantly.
“Using FTK Connect automation, law enforcement can execute forensic workflows much faster and make better use of their existing hardware and software investments, putting them to use when users are not around,” said Harsh Behl. , director of product management at Exterro. “Automation scheduling outside office hours uses the 16 hours of the day from the time an investigator leaves work until the next morning arrives, which had previously been wasted. Law enforcement using FTK Lab or FTK Central with FTK Connect will be able to close more cases in less time. “
FTK Connect enhancements are the result of Exterro’s close collaboration with major customers in the US, UK and Europe. The wealth of experience and market insights from these clients have helped Exterro create a tool that creates efficiencies and covers key gaps within other forensic solutions.
New features and functionalities of FTK Connect
Create automations with unprecedented ease: Built for non-programmers, the intuitive interface allows users to easily create automations for any type of case with a drag and drop interface. Get productive instantly with minimal training.
Automated processing and review– Law enforcement can configure FTK Connect to check directories and automatically process any forensic images placed there, then automatically search for cases for preconfigured search terms, apply labels or bookmarks, and export the resulting files.
Join SIEM & SOAR in forensic investigations: Orchestrates the forensic collection workflow by integrating together the internal tools of the IT infrastructure. Instantly store electronic evidence upon detection of an intrusion. FTK Connect can automate collection from remote endpoints based on triggers from solutions such as Splunk SOAR and Palo Alto SOAR.
Custom workflows– Leverage FTK Connect APIs to create custom workflows or integrations that fit your organization’s exact needs and specifications.
ISO accreditation: FTK Connect automation helps minimize human interaction when handling digital proofs, thereby reducing the possibility of errors and ensuring their compliance / adherence to ISO accreditation standards such as ISO 27037 or ISO 17020 and 17025.
Compatibility: FTK Connect seamlessly integrates with FTK Lab, FTK Enterprise and FTK Central bringing unrivaled speed, power and security to forensic workflows.