Reverse Engineering of the Android File System (YAFFS2)

We published a Technical-Report with id CS-2011-06 (ISSN 2191-5008) named Reverse Engineering of the Android File System (YAFFS2) today. This report originates from parts of the Diploma Thesis of Christian Zimmermann which was published earlier this year.

Abstract — YAFFS2 is a file system which is used in many modern smartphones. Allthough YAFFS2 is an open standard and there exists an open source implementation, the behavior of YAFFS2 is not very well understood. Additionally, several aspects like wear-leveling and garbage-collection are not well-specified in the standard so that their actual behavior has to be reverse engineered from the implementation. Here, we give an introduction to and describe the basic functionality of YAFFS2. We place a particular focus on the detailed analysis of both wear-leveling and garbage-collection mechanisms, since these are important within a forensic analysis of the file system.