Android File Systems
Having basic understanding for file systems is really helpful for basic any disk or OS forensics. Well for your information, android supports multiple file systems. But if we consider smartphones, then a very common terminology used is “YAFFS2 (Yet another Flash File System). It’s the main partition of Android file system and it’s specifically designed for embedded systems such as Smartphones, tablets etc.If you want to see complete list of all supported file systems on an android device, you can use below command in “adb shell”:
“cat /proc/filesystems”
Above command will result into something like below :
The “nodev” entry next to the file system indicates that there is no physical device associated with that particular file system. Android supports ext2, ext3, and ext4 file systems (used by Linux systems) and the vfat file system used by Windows-based systems. Since it is targeted for mobile devices, Android supports YAFFS and YAFFS2 file systems, since it requires supporting NAND chips used in these devices.
Android’s file system is divided into different partitions. In order to see the different partitions that are mounted on an Android device, we can get a shell on the device and execute the following command: “mount“. This is shown in the following figure:
If we observe the above figure, there are few important file system partitions such as /system, /cache, /data using ext4 as their file system type rather than YAFFS. This is because, starting from Gingerbread, Android has replaced YAFFS file system with ext4.
That’s all for today friends ! If you have any doubts feel free to ask.
We will learn more about Android Forensics in future articles. Keep Learning!! Keep Connected!!
No comments:
Post a Comment