Sensitive and potentially useful information is stored within the file systems of mobile devices.
The open-source nature of Android's operating system lends itself to detailed, open documentation and more direct access for the investigator, as opposed to the closed Apple iOS operating system. An investigator may be able to connect directly to an Android device and use basic Linux operating system commands to view and extract files, whereas Apple iOS may require a forensic workstation, third-party tools, or special devices to extract the file system data.
What are some of the useful files and where are they located within the file system? How do the file system structures differ between mobile operating systems?
What do all file systems have in common? How are they different?
Some of the answers can be found in NIST Special Publication 800-101, Guidelines on Mobile Device Forensics, and NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response. A video below provides detail on the tools and techniques investigators use.
References
Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics, revision 1. NIST Special Publication 800-101. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf