Product Type

FTK® Enterprise

Investigate Remote Endpoints with FTK Enterprise


Gain deep visibility into remote endpoint data to investigate cybersecurity incidents, data breaches, or employee wrongdoing.


Quickly Identify and Understand Activity Putting Your Organization at Risk


Use FTK Enterprise to expose and investigate a variety of criminal and malicious activities, including data breaches, database tampering, inappropriate sharing of confidential company information, deletion of files, wiping of hard drives, or viewing of inappropriate content.


Discreet Data Acquisition


Discretion can be critical when conducting internal investigations, so FTK® Enterprise uses covert, agent-based technology to ensure that employees and teams aren’t alerted as you acquire remote data.


Pinpoint Evidence


Eliminate the hours spent manually digging through endpoint registry data, internet history, and system summary files for the data you’re interested in. FTK Enterprise intelligently categorizes the most data artifacts to help you pinpoint key evidence faster.


Remediate Quickly


Stop risks in their tracks with remediation capabilities that give you the ability to delete offending files, kill processes, and stop non-compliant activities across endpoints.


Investigate employee wrongdoing from anywhere with Remote Endpoint Collection. 

FTK Enterprise can deploy agents to each endpoint (including Macs), and then perform discreet agent-based remote collection to a secure, encrypted forensic container.

No VPN? No problem!  FTK Enterprise is the leader in Off-Network Acquisition. Organizations can continue to perform data collections from traveling or ‘work from home’ employees who may not be connected to the VPN, as long the endpoint is simply online.


Assess endpoint data prior to collection with Live Preview.

Full-disk collection takes up time and storage space. With FTK Enterprise, you can perform a rapid risk assessment of a suspected compromised endpoint by previewing the contents to see the endpoint’s folder structure, filter for specific file and data types, and view files of interest before performing a collection.


Instantly preserve endpoint evidence with cybersecurity automation.

Integrate FTK Enterprise with SOAR and SIEM solutions to instantly preserve and collect endpoint evidence upon detection of an intrusion, with optional FTK Connect automation. [link to page].  Exterro’s seamless integration with cybersecurity platforms like Cortex XSOAR reduces risk and speeds up internal breach investigations, with 24/7 real-time evidence collection and auditable preservation capabilities.


Additional Capabilities

  • Zero Trust Compliant

    Conduct remote endpoint collection, preview, and remediation securely within a Zero Trust framework such as ZScaler, using encrypted public site server technology.

  • Memory Comparison

    Easily compare an endpoint’s volatile data to the previous time you previewed it to locate differences in processes or applications that are running.

  • Targeted Collection

    Target specific locations on the endpoint, then apply filters to limit the size and scope of the collection and bypass irrelevant data.

  • Mac Data Review

    Collect, parse and render Apple Mail, iMessage, iWork files, Safari browser data, Outlook for Mac email, Mac Artifacts, and Mac system summary data like Spotlight Search, KnowledgeC, and Power Log data.