I have used Exterro at a couple of instances. I've used Exterro throughout my internships as a digital forensic consultant, as well as using Exterro, specifically the FTK Imager and FTK Toolkit, to teach my students in the digital forensics class I teach.

I mostly use Exterro for teaching. I usually give my students labs with digital forensics labs where we start off with trying to image the disk at hand, and that's where I use FTK Imager. I usually teach them about hashes, how to image, how to get registry, or even how to analyze memory by taking an image of the memory. Then we go on to analyzing the disk image to find deleted files, recovering artifacts like browser history, emails, and registry keys. The whole process is divided into several labs that I give to my students.

Exterro has been the very first tool I usually introduce to my students. Most of the time, my students come back and say that it's very intuitive. Since it's been the very first tool that they get introduced to in the class, it usually leaves a very lasting impact on them. Using Exterro in class has been really helpful in getting students to understand the fundamentals. I use Exterro as a live teaching tool rather than having a simulated environment. Students actually go through and use Exterro with real forensic disk images and practice the same workflow as a practicing examiner would.

I know this because I actually used Exterro for my internship. As a digital forensic consultant, we used to analyze all sorts of cases using Exterro, the FTK Toolkit, and the FTK Imager. I try to use the same workflow and the same methodology to teach students who are going to become digital forensic analysts using Exterro. This has been one of the most heavily used cases for Exterro.

I understand the features well. A few features that stand out to me, and I'll start with FTK Imager because that's the first tool I usually start with in my classes. FTK Imager is free and very reliable at the same time, and it has become an industry standard for evidence acquisition. I really like the fact that you can use it for imaging disks while at the same time you can use it to image memory. I do use it for both acquisitions.

The next thing that's really impressive to me is what I teach in class. The keyword search and indexing capability is very impressive in the sense that I'm able to quickly show or demonstrate, or have my students carve through large volumes of data to find relevant artifacts as well as deleted files. Deleted files and browser artifact recovery are a few topics that I teach my students. I particularly use Exterro because of its amazing performance with artifact recovery features. That is something that I always find impressive.

The biggest positive impact on students of Exterro has been readiness. By training students on Exterro or FTK, rather than simulating or having a watered-down tool, students actually graduate with hands-on experience in an industry-standard platform that employers actually use. This has shortened the learning curve for those who want to work in digital forensic roles. We're actually even considering having students go through the certification. I sat for the ACE certification about two years ago and recently took the GCFE exam, which included some experience or introductions with FTK Imager. I believe that it goes a long way. It essentially bridges the gap between academic learning and real-world practice, which is something I really appreciate.

Speed has been an issue, but at the same time, I wasn't sure if that is particularly something that could be improved because I understand that there are large forensic images and can take a significant amount of time to process. That has been one thing with my students. Usually when they're doing a lab, they have to take a lot of time to actually process the image. Sometimes I actually give them processed images for the latter labs, but when it comes to creating the disk images themselves and processing the images, it takes a lot of time. At the same time, sometimes the memory and hardware requirements could be demanding as well, specifically for lower-spec machines that students usually have. Although we do have lab machines that FTK runs on smoothly, for machines that students use, sometimes they can't be very high-end, so that is a real constraint.

Since I am in academia, I would actually think more in terms of the academic pricing and licensing model. I would really appreciate if Exterro actually has an academic pricing or licensing model. Sometimes the cost could be a barrier. If Exterro has an academic program where it could partner up with universities to even give out exam vouchers or have some students sit for the exam with a reduced price and work with the institution, that would be really great.

I've been working as an assistant professor for the past one year. However, I have been working in the digital forensics field for the last five years.

Exterro for the most part is stable and reliable when running on hardware that meets its system requirements. However, stability can actually be an issue when processing very large disk images or actually running on machines with limited RAM and processing power. That is something that is becoming a real consideration when using Exterro in the lab or in the classroom. Occasional crashes or freezes during intensive processing tasks have been observed by students, particularly when multiple features are being used simultaneously, but these are not frequent enough to say that Exterro is not doing a good job.

Exterro handles scalability reasonably well. The indexing engine is one of its very strongest suits. I can use it to process and search substantial volumes of data quite efficiently. That is nice, but scaling up does actually come with hardware and licensing demands, which can be constraints sometimes.

I am not sure if my students reached out for help because they usually reach out to me for help. When it comes to myself, I have reached out to customer support a few times, and they do offer resources, documentation, and they're really helpful for common issues. I haven't reached out to them as often as one should to be able to comment on this, hence I will not comment on that.

We did not switch to Exterro. We have always been using Exterro, especially FTK Imager. So we've always been using that.

Return on investment—time saved or other metrics like fewer employees needed or money saved—are not something that really resonates with me at this time. From an educational standpoint, the ROI would be evident in terms of student outcomes. Students who train on Exterro FTK tend to be better prepared for industry certifications. If you're using Exterro as a foundational tool, as the very first tool that you introduce students to, you would see that they become much more familiar with how the other tools would look like down the line, whether it's Magnet AXIOM or Cellebrite. They will actually know how to use them—not completely, but at least give them a starting point and a head start on it. So the ROI for me would be student outcomes.

Pricing can be one of the challenging aspects of Exterro, particularly for educational institutions. The full FTK license comes at a significant cost, which sometimes can be prohibitive for smaller institutions or individual students looking to practice outside of class. That actually adds an extra layer of complexity, especially when managing multiple machines in a lab environment. FTK Imager is available for free, which is a real positive. It allows students to get started with evidence acquisition without any cost barrier, which is something that students really appreciate because they can even use FTK Imager in their own time. A dedicated academic licensing tier with reduced pricing would make Exterro much more accessible to the educational community and help grow the next generation of digital forensic examiners.

I did not evaluate other options. I just started my job one year ago. Exterro has been used here, and I can explain why they would be using Exterro because it's almost evident. I've used Exterro during my PhD studies. It was actually one of the very first tools that I was introduced to. It's even one of the very foundational tools that is being used in the industry. When I was doing my internship as a digital forensic consultant in both civil and criminal areas, FTK Toolkit and FTK Imager would be one of the very first tools that I was introduced to everywhere. I can almost understand why students have been introduced to Exterro first.

Exterro is very easy to use. For ease of use, students are the best use case because they are actually coming in without any experience using any other tools when it comes to digital forensics. In terms of usability, usually students find having a learning curve at the very beginning, but just a few guidance tips or guidance here and there would help. I find it that it's intuitive compared to other tools on the market, which is why it is always the first tool that I introduce to them. Once students get past the initial complexity, they actually start to appreciate what the tool offers.

As for integrations, I feel that FTK fits naturally into the broader forensics workflow. Especially coming in from FTK Imager, you're able to get different image types, which down the line can be integrated into or can be used with multiple tools out there. It actually complements other tools in the field, such as Cellebrite, Magnet, and Autopsy, and that is why I actually use it.

I go ahead and use exam scores. Comparing lab scores versus exam scores, I usually give several labs. You would actually see labs that are being done on FTK Imager or the very starting labs getting much higher scores because of the ease of use, and it is such a foundational tool that is really important to be introduced to students early on and doesn't really have a very high learning curve compared to other tools. If you look at the lab scores and compare them to the lab scores of labs that require students to use other tools, you'll see quite a difference with FTK, with the labs using FTK Imager or FTK Toolkit having higher scores from students.

Exterro is a really good tool if you're starting out or just learning the foundational aspect of digital forensics. I think it's a solid introduction to digital forensics as a whole. Even using FTK Imager, it's a really reliable product for a free product. I think it would really solidify your digital forensic process, and I think it should be a mandatory tool that organizations actually use because it provides a lot of features that can be really helpful for day-to-day investigations. This review received a rating of eight out of ten.