The Android file hierarchy contains several important partitions and file systems. The /boot partition contains files needed for booting, /system contains system files, /data stores application data, /cache stores frequently accessed data, and /misc stores miscellaneous settings. The /sdcard partition holds information on the SD card. Key file systems include Ext4, VFAT, YAFFS2, F2FS, and RFS, with Proc and Tmpfs being important for forensic analysis due to containing kernel and process information.
/boot: Information and files needed for boot; contains the kernel and RAM disk.
/system: Contains system files other than the kernel and RAM disk; should never be deleted, as the device will become unbootable.
/recovery: Used for backup purposes; allows booting into recovery mode.
/data: Data of each application; data belonging to the user such as contacts, SMS, dialed numbers, etc.
/cache: Stores frequently accessed data and some logs for faster retrieval; important to forensic investigations, as data residing here may no longer be present in the /data partition.
/misc: Contains information about miscellaneous settings; these settings define the state of the device (on or off), hardware settings, USB settings, etc.; accessed from folder
/sdcard: Holds all information present on the SD card; contains pictures, videos, files and documents, etc.
Important File systems
Root file system (Rootfs): Contains information required to boot; if this file system is corrupted, the device cannot be booted.
Sysfs: Mounts the /sys folder, which contains information about the configuration of the device. Significant to investigation? No
Devpts: Presents an interface to the terminal session on the device; mounted at /dev/pts. Significant to investigation? No
Cgroup: Control groups; tracks the jobs of Android devices; not very useful for forensic analysis. Significant to investigation? No
Proc: Information about kernel data structures, processes, and system-related information in the /proc directory. Significant to investigation? Yes
Tmpfs: Temporary storage facility that stores data in RAM (volatile memory). Significant to investigation? Yes

Common File Systems
EXT4: Fourth version of the extended file system; significant in devices with dual-core processors.
VFAT: Extension of the FAT16 and FAT32 file systems; SD cards are formatted using the FAT32 version.
YAFFS2 (Yet Another Flash File System 2): Open source, single-threaded file system that is fast and deals with NAND flash; log-structured file system; not supported by newer kernel versions.
F2FS (Flash Friendly File System): Supports Samsung devices running the Linux 3.8 kernel; log-structured methods that optimize NAND flash memory.
RFS (Robust File System): Supports NAND flash memory on Samsung devices; a FAT16 or FAT32 file system where journaling is enabled through transaction logs.
Source: Practical Mobile Forensics, Third Edition, Tamma, R., et al.
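As an added example (not taken from the cited book), the following Python code applies the tables above to a mount listing in the standard Linux /proc/mounts format, separating the file systems that exist only on a running device (Proc, Tmpfs) from the on-disk partitions. The sample lines, device names and the group names "live", "persistent" and "other" are constructed for this example.

```python
import re
# Forensic significance as given in the file system table on this page.
SIGNIFICANT = {"proc": True, "tmpfs": True,
               "sysfs": False, "devpts": False, "cgroup": False}
# Mount points of the partitions described on this page.
PARTITIONS = {"/boot", "/system", "/recovery", "/data", "/cache", "/misc", "/sdcard"}
DISK_FS = ("ext4", "vfat", "yaffs2", "f2fs", "rfs")

# Constructed sample input (not captured from a real device).
SAMPLE_MOUNTS = """\
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p12 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/mmcblk0p11 /cache ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/vold/179:17 /mnt/my\\040card vfat rw,nosuid,nodev 0 0
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Yield (device, mount_point, fstype, options) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        dev, mnt, fstype = (unescape(p) for p in parts[:3])
        yield dev, mnt, fstype, parts[3].split(",")

def triage(text):
    """Group mounts: RAM-backed and significant, on-disk partitions, the rest."""
    report = {"live": [], "persistent": [], "other": []}
    for dev, mnt, fstype, opts in parse_mounts(text):
        if SIGNIFICANT.get(fstype):
            report["live"].append((mnt, fstype))
        elif mnt in PARTITIONS or fstype in DISK_FS:
            report["persistent"].append((mnt, fstype, "ro" in opts))
        else:
            report["other"].append((mnt, fstype))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_MOUNTS))
```

The third element of each "persistent" entry is True when the partition is mounted read-only.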