Cyber Dose
Posts
Be a Better Detective #5

Be a Better Detective #5

Confusing Drive Serial Numbers

Husam Shbib
August 02, 2025

Hello Everyone. It is Husam! Thank you for being part of this journey. Let’s try to be better cybersecurity & digital forensics warriors EVERY SINGLE DAY *_^

These series of posts are real-world challenges/mistakes faced/made by digital forensic practitioners. Try to solve them yourself and sharpen your investigative skills ^_^

Who Am I? Husam is just a guy who loves solving cyber-crime mysteries.
~ Sherlock Holmes by Day - Lupin by Night.

Do not forget to add this email ID to the whitelist, to not be received in the spam folder and miss the future issues!

Below, there are some training providers’ links that I think their content would be an added value to you, so check them out :) Let’s keep learning.

Before I provide to the scenario, I wanted to tell you that I am honored to be one in the finalists list for the 2025 Arab Cybersecurity Social Media Influencer! 🏆

So, if you learned anything from my content, inspired, or even pushed to do something in the cybersecurity and digital forensics, your voting support means a lot to me here!

The Scenario:

A junior digital forensics examiner, was tasked to image a few drives. The examiner extracted them from their corresponding devices, as he is doing dead-box acquisition.

The drives were from type SATA HDDs 3.5” and SATA SSDs 2.5”.

Unfortunately, the examiner did not have access to a suitable hardware write-blocker, so he requested his agency to purchase a universal SATA HDD/SSD adapter from an online shop.

The agency purchased what he requested and provided it to him, and this allowed him to image the drives using a software forensic imager after booting to a forensic media.

After completing the imaging process, the examiner wanted to verify the image details of the drives. Surprisingly, he discovered that the serial numbers in the images did not match those printed on the actual physical drives.

For example, one drive’s S/N shown in the software was: EE565193337A2, but the label on the disk was clearly showing: S21973J0115825.

Here is the task: What do you think? Why did they not match? Is there a reason for that? What would it be?

𝐁𝐞 𝐚 𝐁𝐞𝐭𝐭𝐞𝐫 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐯𝐞. 🕵
Hope such content opened your eyes and make you more aware in such cases ^_^

Cya till the next week ~Hoxed

You can find me on other social medias here.

💡By the way, if you liked such challenges and topics, you would definitely like my digital forensics coaching program, where we go through a full computer forensic case A-Z with peer review insights and hands-on guidance.

Thank you for reading this post, hope it was useful!

I can help you further with:

1️⃣ Cybersecurity Investigation Projects
2️⃣ Digital Forensic Coaching
3️⃣ LinkedIn Cybersecurity Companies Branding

Click here, so we can talk!

Training Providers’ Partner Links

Here are some amazing partners’ platforms to learn from, click on the one you are mostly interested in:

You know that a new cert was recently released? Check out “CJCA”. An entry-level cert that contains offensive and defensive knowledge. Thus, you become more familiar in both sides of the cybersecurity coin.

Note: These are affiliate links to companies I work with and I believe their content would be valuable to you. Using them helps support my content.

Reply

or to participate.