shell@Android:/ $ cd /sys
cd /sys
shell@Android:/sys $ ls
ls
block
bus
class
dev
devices
firmware
fs
kernel
module
power
Since the data present in these folders is mostly related to configuration, it is not usually
of much significance to a forensic investigator. But there could be some circumstances
where we might want to check whether a particular setting was enabled on the phone, and
analyzing this folder could be useful under such conditions. Note that each folder consists of
a large number of files. Capturing this data through forensic acquisition is the best method
to ensure this data is not changed during examination.
The devpts file system presents an interface to the terminal session on an Android
device. It is mounted at /dev/pts. Whenever a terminal connection is established, for
instance, when an adb shell is connected to an Android device, a new node is created
under /dev/pts. The following is the output showing this when the adb shell is connected
to the device:
shell@Android:/ $ ls -l /dev/pts
ls -l /dev/pts
crw------- shell shell 136, 0 2013-10-26 16:56 0
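As an added example (not code from the original text), the following Python sketch parses captured `ls -l /dev/pts` output in the format shown above and returns one record per terminal node, so an examiner can list which accounts held a terminal and when. The function name `parse_pts_listing` and the second listing line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Android `ls -l` line for a device node, in the format shown above:
#   mode owner group major, minor date time name
NODE_RE = re.compile(
    r"^(?P<mode>[bc][rwxsStT-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+(?P<name>\S+)$"
)

# Linux assigns character majors 136-143 to Unix98 pty slaves (devpts).
PTS_MAJORS = range(136, 144)


def parse_pts_listing(text):
    """Return one record per pty slave node in captured `ls -l /dev/pts` output."""
    sessions = []
    for line in text.splitlines():
        m = NODE_RE.match(line.strip())
        if not m:
            continue  # shell prompt, echoed command, blank or unrelated lines
        if m["mode"][0] != "c" or int(m["major"]) not in PTS_MAJORS:
            continue  # a device node, but not a pty slave
        sessions.append({
            "node": "/dev/pts/" + m["name"],
            "owner": m["owner"],
            "group": m["group"],
            "minor": int(m["minor"]),
            # Device-local time; the listing carries no time zone.
            "timestamp": datetime.strptime(
                m["date"] + " " + m["time"], "%Y-%m-%d %H:%M"),
            # True when group and other have no access to the terminal.
            "owner_only": m["mode"][4:] == "------",
        })
    return sessions


# First three lines are the listing from the text; the last line is constructed.
CAPTURED = """\
shell@Android:/ $ ls -l /dev/pts
ls -l /dev/pts
crw------- shell shell 136, 0 2013-10-26 16:56 0
crw------- root root 136, 1 2013-10-26 17:02 1
"""

if __name__ == "__main__":
    for s in parse_pts_listing(CAPTURED):
        print(s["node"], s["owner"], s["timestamp"].isoformat(),
              "owner-only" if s["owner_only"] else "shared")
```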
The name cgroup stands for control groups. Android devices use this file system to
track their jobs. Control groups are responsible for aggregating tasks and keeping track of them.
This data is generally not very useful during forensic analysis.
The proc file system contains information about kernel data structures, processes, and
other system-related information under the /proc directory. For instance, the /sys
directory contains files related to kernel parameters. Similarly, /proc/filesystems dis-