Be a Better Detective #4

Never Trust What You Hear, and Only Half of What You See

Hello Everyone. It is Husam! Thank you for being part of this journey. Let’s try to be better cybersecurity & digital forensics warriors EVERY SINGLE DAY *_^

This series of posts covers real-world challenges faced, and mistakes made, by digital forensic practitioners. Try to solve them yourself and sharpen your investigative skills ^_^

Who Am I? Husam is just a guy who loves solving cyber-crime mysteries.
~ Sherlock Holmes by Day - Lupin by Night.

There is a saying: "Never trust what you hear, and only half of what you see"

Right?

Does this apply in digital forensics the same way too? Do you believe so? Hmmm

The Scenario:

A junior digital forensics examiner was bragging about his technical digital forensic skills and wanted to showcase them to his agency’s top management.

He started analyzing a suspect's computer drive after doing dead box acquisition in their labs.

He started showing off in front of his fellow examiners about how easy the case was for him, as he was able to uncover the truth really quickly.

However, his tone got lower and lower as he talked about some artifacts that were not expected to exist, or that should have been located in different places, based on the operating system he had identified.

His fellow examiners asked him: how did you determine the operating system? The examiner said it was a piece of cake: it was a Windows image, so he just looked at the key value below in the SOFTWARE registry hive, which revealed that it was Windows 10 Home.

“SOFTWARE\Microsoft\Windows NT\CurrentVersion”

There were no indicators of data manipulation, and in fact no manipulation had taken place.

The examiner wrote this in his report and built upon it…

Here is the task: What do you think? Based on the provided key, is it really Windows 10, given that no manipulation occurred? Let me know your approach and thought process.

Be a Better Detective. 🕵
I hope this content opened your eyes and made you more aware of such cases.

💡By the way, if you liked such challenges and topics, you would definitely like my digital forensics coaching program, where we go through a full computer forensic case A-Z with peer review insights and hands-on guidance.

Cya till the next week ~Hoxed
