In order to perform forensic analysis on any system (desktop or mobile), it's important to understand the underlying file hierarchy. A basic understanding of how Android organizes its data in files and folders helps a forensic analyst narrow down his research to specific locations. If you are familiar with Unix-like systems, you will understand the file hierarchy in Android very well. In Linux, the file hierarchy is a single tree, with the top of the tree being denoted as /
. This is called the root. This is different from the concept of organizing files in drives (as with Windows). Whether the filesystem is local or remote, it will be present under the root. Android file hierarchy is a customized version of this existing Linux hierarchy. Based on the device manufacturer and the underlying Linux version, the structure of this hierarchy may have a few insignificant changes. To see the complete file hierarchy, you need to have root access. The following screenshot shows...
Learning Android Forensics
Learning Android Forensics
Overview of this book
Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Introducing Android Forensics
Setting Up an Android Forensic Environment
Understanding Data Storage on Android Devices
Extracting Data Logically from Android Devices
Extracting Data Physically from Android Devices
Recovering Deleted Data from an Android Device
Forensic Analysis of Android Applications
Android Forensic Tools Overview
Index
Customer Reviews