ABSTRACT

This chapter introduces forensics and the techniques used to perform it, and walks the reader through the Android file system, directories, and mount points. It discusses SD card analysis and Android-specific forensic techniques, and works through an example that demonstrates these topics. The chapter reviews the Android file system by looking at the various mount points on a typical Android device, as well as its directory structure, which might be of interest for gathering useful information. It also describes the different file systems used by Android and explores the relevant partitions and mount points that would be of interest to security professionals analyzing a device or applications. The chapter covers the different mechanisms through which an application can store persistent data and how to obtain and analyze the bits. It suggests steps to root an Android device and ways to use third-party applications to retrieve data from Android devices.