Exterro - FTK Forensic Toolkit
A digital forensics tool that uses full-text search technology, enabling fast search and extraction of key digital evidence files
Exterro - Forensic ToolKit UI

Exterro - Forensic ToolKit (FTK)

  • A highly acclaimed and court-certified digital forensics tool, known for its speed, stability, and ease of use.
  • It quickly identifies and analyzes digital evidence from target devices or systems, helping to efficiently gather crucial data.
  • With an intuitive interface, email analysis system, and customizable data views, it provides excellent performance and stability for effective case management.
Product Brief Official Website

Exterro - Forensic ToolKit (FTK) has long been praised by law enforcement for its intuitive interface, efficient data search and analysis, and powerful visualization. With each upgrade, FTK introduces new features like facial and image recognition, face detection, object image detection, and support for custom Python scripts, further enhancing its digital forensics capabilities.

Description
  • Supports forensic analysis of various file system formats such as FAT12, FAT16, FAT32, NTFS, EXT2FS, EXT3FS, EXT4FS, ReiserFS3, HFS Plus, etc.
  • Supports forensic analysis of E01, DD, and Smart format disk images.
  • Forensic analysis of physical hard drives or disk images, with the ability to input keywords using an indexing mechanism to locate all occurrences matching the keyword.
  • Supports multi-language analysis.
  • Supports forensic analysis of deleted files.
  • View Event Log files and detect encrypted documents.
  • Supports a variety of file systems, compound files, and email formats, including: Lotus Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express, DBX, EML, and AOL.
  • Analyzes browser activity, including Web History, Cookies, and Cache.
  • Provides report formats in PDF/HTML/XML/RTF.
  • Allows exporting indexed digital evidence files as dictionary files for password cracking.
  • Built-in digital evidence bookmarking feature (BooKMark) for forensic report creation.
  • Detects and analyzes file formats, identifying files with mismatched extensions and formats, and allows direct viewing of file contents.
  • Includes options for customizable filters, file extension maps, labels, and custom identifiers.
  • Features a memory analysis module for analyzing dumped memory data (including hidden processes), such as DLL lists, network sockets, loaded drivers, and handles.
  • Includes a PhotoDNA module for recognizing similar images and providing similarity scores.
  • Email notifications: Users will receive email notifications when new users gain access to a case or when data associated with a user’s authorized case is added or removed.
  • Provides an Imaging tool that allows creating E01 and DD format disk images without installation.
  • The provided Imaging tool supports mounting E01 and DD format disk images.
  • Includes a Registry analysis tool.
  • Supports various image forensics features such as facial and image recognition, facial detection, and object image detection.
  • Supports custom Python scripts.