FTK Forensic Toolkit

S

FTK Forensic Toolkit

Digital Investigations

Bild

Why You Want It

Zero in on relevant evidence quickly, conduct faster searches and dramatically increase analysis speed with FTK®, the purpose-built solution that interoperates with mobile device and e-discovery technology. Powerful and proven, FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. No matter how many different data sources you’re dealing with or the amount of data you have to cull through, FTK gets you there quicker and better than anything else.

 

Unmatched Speed and Stability

FASTER SEARCHING

DATABASE DRIVEN

FTK uses distributed processing and is the only forensics solution to fully leverage multi-thread/multi-core computers. While other forensics tools waste the potential of modern hardware solutions, FTK uses 100 percent of its hardware resources, helping investigators find relevant evidence faster.

Since indexing is done up front, filtering and searching are completed more efficiently than with any other solution. Whether you’re investigating or performing document review, you have a shared index file, eliminating the need to recreate or duplicate files.

FTK is truly database driven, using one shared case database. All data is stored securely and centrally, allowing your teams to use the same data. This reduces the cost and complexity of creating multiple data sets.

 

 

Features built around you

Unique FTK® Architecture & Stability

FTK is database driven so you won’t experience the lost work associated with memory-based tools in the event of a GUI crash. FTK components are compartmentalized allowing the processing workers to continue processing data without interruption.

Bild

Unmatched Processing Capabilities

  • Distributed processing with a total of 4 engines
  • True multi-threaded / multi-core support
  • Wizard-driven processing ensures no data is missed
  • Pre- and post-processing refinement
  • Advanced data carving engine allows you to specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness
  • Create, import and export reusable processing profiles with pre-defined processing options for different investigative needs
Bild

Key Product Features

FTK provides real-world features that help teams make sense of and manage massive data sets, separate critical data from trivial details, and protect digital information while complying with regulations.

  • Unmatched speed through distributed processing engines
  • Unique architecture provides better stability
  • Wizard-driven to ensure no data is missed
  • State-of-the-art data visualization to highlight relationships and patterns
  • Only solution that utilizes a single case database, reducing cost and complexity of multiple case datasets  
  • Faster learning with easy-to-use GUI
Bild

 

Integrated Digital Investigation Solutions

Create images, process a wide range of data types from many sources from hard drive data to mobile devices, network data and Internet storage in a centralized location. Decrypt files, crack passwords, and build a report all with a single solution.

  • Recover passwords from over 100+ applications
  • KFF hash library with 45 million hashes
  • Advanced, automated analysis without the scripting
Bild

Belkasoft Integration—Better Together

  • Quickly extract digital evidence from multiple sources.
  • Parse multiple databases without manual searching.
  • Locate evidence that was deleted, destroyed, or never stored on the hard drive at all.
  • Present the results of your investigation easily without losing the connection between result and data source.

Capabilities to Empower You

  • Third party integration with Belkasoft gives you access to nearly 200 mobile parsers.
  • Unique distributed processing, which cuts processing time and reduces case backlog.
  • Custom processing options help establish enterprise-wide processing standards, creating consistency for your investigations and reducing the possibility of missed data. 
  • FTK processes and indexes up front so you don’t waste time waiting for searches to execute, helping you to zero in on relevant evidence faster, and dramatically increasing analysis speed.
  • Configure and change the weighting criteria for sort after a search to reveal the most relevant results.
  • Leverages one shared case database, allowing teams to use the same data, reducing cost and complexity of creating multiple case datasets.
  • While other products run out of memory and crash during processing, FTK is database driven, providing the stability necessary to handle large data.
  • The easy-to-use GUI provides a faster learning experience.
  • Visualization technology that displays your data in timelines, cluster graphs, pie charts, geolocation and more, helps you get a clearer picture of events.
  • Customizable processing profile buttons help create a set of standards for processing particular types of investigations.

 

Back to top