Setting up a proper forensic environment is crucial prior to conducting investigation on an Android device. The Android SDK installation is necessary to use tools such as ADB that come along with it. Using ADB, an examiner can communicate with the device, view folders on the device, and pull data and copy data to the device. However, not all folders can be accessed on a normal phone in this manner. This is because the device's security enforcements prevent an examiner from viewing the locations that contain private data. Rooting a device solves this issue, as it provides unlimited access to all the data present on the device. Rooting a device with an unlocked boot loader is straightforward, while rooting a device with a locked boot loader involves exploiting some security bug.
With this knowledge about accessing the device, you will now learn how data is organized on an Android device and many other details in Chapter 3, Understanding Data Storage on Android Devices.