Wednesday, 27 July 2016

Android Forensics Tutorial – Part 2 Android File System

Android Forensics Tutorial – Part 2 Android File System
In our previous Android Forensics tutorial, we have learned about basic directory structure of android need for Android Forensics tutorial. In continuation of our chain of Android Forensics tutorial, today we will learn more about Android File System, how it can be helpful in Android Forensics.

Android File Systems

Having basic understanding for file systems is really helpful for basic any disk or OS forensics. Well for your information, android supports multiple file systems. But if we consider smartphones, then a very common terminology used is “YAFFS2 (Yet another Flash File System). It’s the main partition of Android file system and it’s specifically designed for embedded systems such as Smartphones, tablets etc.
If you want to see complete list of all supported file systems on an android device, you can use below command in “adb shell”:
“cat /proc/filesystems”
Above command will result into something like below :
Android Forensics - Image 2
The “nodev” entry next to the file system indicates that there is no physical device associated with that particular file system. Android supports ext2, ext3, and ext4 file systems (used by Linux systems) and the vfat file system used by Windows-based systems. Since it is targeted for mobile devices, Android supports YAFFS and YAFFS2 file systems, since it requires supporting NAND chips used in these devices.
Android’s file system is divided into different partitions. In order to see the different partitions that are mounted on an Android device, we can get a shell on the device and execute the following command: “mount“. This is shown in the following figure:
Android Forensics - Image 3
If we observe the above figure, there are few important file system partitions such as /system, /cache, /data using ext4 as their file system type rather than YAFFS. This is because, starting from Gingerbread, Android has replaced YAFFS file system with ext4.
That’s all for today friends ! If you have any doubts feel free to ask.
We will learn more about Android Forensics in future articles. Keep Learning!! Keep Connected!!

AddToAny