
Exterro’s FTK Enterprise provides deep visibility into remote endpoint data for investigating cybersecurity incidents and employee wrongdoing. It uses covert, agent-based technology for discreet data acquisition and offers remediation capabilities to stop risks quickly.
Vendor
Exterro

Investigate Remote Endpoints with FTK Enterprise
Gain deep visibility into remote endpoint data to investigate cybersecurity incidents, data breaches, or employee wrongdoing.
Quickly Identify and Understand Activity Putting Your Organization at Risk
Use FTK Enterprise to expose and investigate a variety of criminal and malicious activities, including data breaches, database tampering, inappropriate sharing of confidential company information, deletion of files, wiping of hard drives, or viewing of inappropriate content.
Discreet Data Acquisition
Discretion can be critical when conducting internal investigations, so FTK® Enterprise uses covert, agent-based technology to ensure that employees and teams aren’t alerted as you acquire remote data.
Pinpoint Evidence
Eliminate the hours spent manually digging through endpoint registry data, internet history, and system summary files for the data you’re interested in. FTK Enterprise intelligently categorizes the most data artifacts to help you pinpoint key evidence faster.
Remediate Quickly
Stop risks in their tracks with remediation capabilities that give you the ability to delete offending files, kill processes, and stop non-compliant activities across endpoints.
Remotely preview and collect mobile device data with Exterro Remote Mobile Discovery.
Streamline and simplify your investigatory workflows with our patent-pending solution to the challenge of investigating mobile devices remotely. Exterro Remote Mobile Discovery empowers forensic investigators with the ability to collect data without shipping devices, wired connections, or intrusive agents installed on mobile devices.
Investigate employee wrongdoing from anywhere with Remote Endpoint Collection.
FTK Enterprise can deploy agents to each endpoint (including Macs), and then perform discreet agent-based remote collection to a secure, encrypted forensic container. No VPN? No problem! FTK Enterprise is the leader in Off-Network Acquisition. Organizations can continue to perform data collections from traveling or ‘work from home’ employees who may not be connected to the VPN, as long as the endpoint is online.
Assess endpoint data prior to collection with Live Preview.
Full-disk collection takes up time and storage space. With FTK Enterprise, you can perform a rapid risk assessment of a suspected compromised endpoint by previewing the contents to see the endpoint’s folder structure, filter for specific file and data types, and view files of interest before performing a collection.
Instantly preserve endpoint evidence with cybersecurity automation.
Integrate FTK Enterprise with SOAR and SIEM solutions to instantly preserve and collect endpoint evidence upon detection of an intrusion, with optional FTK Connect automation. Exterro’s seamless integration with cybersecurity platforms like Cortex XSOAR reduces risk and speeds up internal breach investigations, with 24/7 real-time evidence collection and auditable preservation capabilities.
Additional Capabilities
Zero Trust Compliant
Conduct remote endpoint collection, preview, and remediation securely within a Zero Trust framework such as Zscaler, using encrypted public site server technology.
Memory Comparison
Easily compare an endpoint's volatile data to the previous time you previewed it to locate differences in processes or applications that are running.
Targeted Collection
Target specific locations on the endpoint, then apply filters to limit the size and scope of the collection and bypass irrelevant data.
Mac Data Review
Collect, parse and render Apple Mail, iMessage, iWork files, Safari browser data, Outlook for Mac email, Mac Artifacts, and Mac system summary data like Spotlight Search, KnowledgeC, and Power Log data.