Understanding the filesystem is very important in Android forensics, as it helps us gain knowledge of how the data is stored and retrieved. This knowledge about properties and the structure of a filesystem will prove to be useful during forensic analysis. Filesystem refers to the way data is stored, organized, and retrieved from a volume. A basic installation may be based on one volume split into several partitions; here, each partition can be managed by a different filesystem. Microsoft Windows users are mostly familiar with the FAT32 or NTFS filesystem, whereas Linux users are more familiar with the EXT2 or EXT4 filesystem. As is true in Linux, Android also utilizes mount points and not drives (that is C:
or E:
). Each filesystem defines its own rules to manage the files on the volume. Depending on these rules, each filesystem offers a different speed for file retrieval, security, size, and so on. Linux uses several filesystems and so does Android. From a forensic...
Argentina
Australia
Austria
Belgium
Brazil
Bulgaria
Canada
Chile
Colombia
Cyprus
Czechia
Denmark
Ecuador
Egypt
Estonia
Finland
France
Germany
Great Britain
Greece
Hungary
India
Indonesia
Ireland
Italy
Japan
Latvia
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Netherlands
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Russia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Taiwan
Thailand
Turkey
Ukraine
United States