Setting up a proper forensic environment is crucial prior to conducting investigation on an Android device. The Android SDK installation is necessary to use tools such as ADB, which come along with it. Using ADB, an examiner can communicate with the device, view folders on the device, pull data, and copy data to the device. However, not all folders can be accessed on a normal phone in this manner, since the device's security enforcements prevent an examiner from viewing locations that contain private data. Hence, rooting a device solves this issue, as it provides unlimited access to all the data present on the device. Rooting a device with an unlocked boot loader is straightforward, while rooting a device with a locked boot loader involves exploiting some security bugs.

With this knowledge on accessing the device, we will now cover how data is organized on an Android device and many other details in Chapter 3, Understanding Data Storage on Android Devices.