Understanding the filesystem is very important in Android forensics, as it helps us gain knowledge of how the data is stored and retrieved. This knowledge about properties and the structure of a filesystem will prove to be useful during forensic analysis. Filesystem refers to the way data is stored, organized, and retrieved from a volume. A basic installation may be based on one volume split into several partitions; here, each partition can be managed by a different filesystem. Microsoft Windows users are mostly familiar with the FAT32 or NTFS filesystem, whereas Linux users are more familiar with the EXT2 or EXT4 filesystem. As is true in Linux, Android also utilizes mount points and not drives (that is C: or E:). ...