FTK Forensic Toolkit

The gold standard in digital forensics software for repeatable, defensible full-disk image collection, processing and review

Streamline forensic investigations to locate key evidence and solve complex cases faster.

Seconds matter in critical investigations. FTK gives investigators a head start by pointing them directly to the artifacts that matter most, narrowing down the scope of their investigation, and reducing the time it takes to close cases.

Be Instantly Productive

FTK’s intuitive interface design makes it easier for both experienced investigators and non-technical users to navigate within the software, dramatically reducing the learning curve for all skill levels.

Find More Artifacts

Eliminate the hours spent manually digging for the data types you’re interested in. FTK intelligently categorizes and displays the most data artifacts to help you pinpoint key evidence faster.

Search Evidence Faster

Since evidence is processed and indexed up front, you don’t have to wait for index searches to execute during your review. Filter and search evidence faster and more consistently than in any other solution.

Quickly locate, collect, and analyze digital evidence with the most trusted solution in the industry.

FTK’s reliable, scalable processing engine gets more evidence into the hands of examiners in less time, allowing them to dig deeper into their data and solve cases faster. With its ability to create custom Python scripts, decrypt files, recover and crack passwords, parse registry files, and carve data to recover deleted evidence, FTK finds the data that other tools can’t.

Investigate mobile device evidence and review chat app data with Mobile Data Processing.

Leverage FTK’s powerful processing engine to parse computer and mobile data in a single database to find connections across data sources. FTK supports native unprocessed UFD extractions from mobile devices provided by tools like Cellebrite, Oxygen, XRY or GrayKey. Review chat messages from apps like Twitter and WhatsApp, reconstructed in their near-native view to quickly interpret the conversation.

Effortlessly pivot through image and video case evidence with Multimedia Thumbnail Review.

Hover over and click on thumbnails to easily inspect pictures of interest, then label and categorize images easily with keyboard shortcuts. FTK provides context for every image by reconstructing the device user’s activity leading up to and following the creation of the image via built-in mini timelines. FTK’s investigator wellness settings reduce repeated exposure to sensitive content, such as in CSAM cases.

Additional Capabilities

• Mac Data Review

  Process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted. Parse and render Apple Mail, iMessage, iWork files, Safari browser data, Outlook for Mac email, Mac Artifacts, and Mac system summary data like Spotlight Search, KnowledgeC, and Power Log data.

• Image Identification and Categorization

  Use facial and object recognition to automatically locate images containing that same content. Help identify victims faster in CSAM investigations by analyzing and grading images and videos, then comparing them with collaborative hash databases like Project Vic and CAID UK.

• System Summary Parsing

  As Windows captures the timeline of actions of the user, FTK will parse those registry files for you. See every application the user opened, internet activity performed, networks the user was connected to, and where and when this activity occurred.

• Portable Case

  Export your data into a portable case for offline review by a detective, analyst, attorney or outside reviewer. Any labels and bookmarks created by the reviewers are synced back to the original case.