Digital evidence means Information that has been stored or transmitted in binary format and is admissible in court is known as digital evidence. It can be located, among other places, on the hard drive of a computer and a cell phone. Electronic crime, sometimes known as e-crime, such as child pornography or credit card fraud is frequently linked to digital proof. It has been mentioned under section 65B of the Indian Evidence act as “any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document, if the conditions mentioned in this section are satisfied in relation to the information and computer in question and shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.”
So, basically there are seven types of digital evidences, they are: –
- Logs, a computer-generated data file that includes details about how an operating system, application, server, or other device is used, what it does, and how it operates. It basically keeps the tracks of user on the computer and the virtual world. It includes database logs, phone logs, OS logs, IP logs, Server Logs etc.
- Video Footage and Images, they are visual images captured via cameras Similar to the logs we previously mentioned, video and photographs fall under the category of visual data. This category includes a wide variety of digital evidence, such as voice recordings, mobile device recordings, CCTV footage, and recordings made with digital cameras.
- Archives are ordinary files that can be accessed directly from the file explorer and are part of the category of visible data types, which also includes a wide variety of extractable file formats. Archives are a kind of all-purpose source of evidence because they can contain anything from photos to text files to other types of files.
- Active data is described as ESI placed on a computer system’s storage medium that can be directly accessed, is easily observable by the operating system and/or application software used to create it, and is immediately accessible to users without needing to be undeleted, altered, or restored.
- Metadata is the unnoticed data that comes with every image, movie, and file you see. It aids in the organisation and management of data sets, but it can also offer privacy and security problems if left uncontrolled.
- Residual data is erased or rewritten data that, if successfully recovered, may include digital proof. It is characterised as an invisible data type since it is often not visible in a file browser.
- Volatile data is data that is not written to the disc and hence falls under the category of invisible data. Some viruses, for example, do not leave traces on the hard disc in order to prevent detection by antivirus software.
Now, the question pertains to the collection of digital evidence as they could collected trough various means including phones, Computers, CDs, Pen-drives, web pages, History etc. It involves preserving and documenting electronic data that may be relevant to a legal investigation or case
Steps involved in collection of Digital evidences are-
- Identifying the scope: In order to know what kind of digital evidence you need to gather, you must first determine the precise scope of the inquiry or case. This could contain, among other things, emails, computer files, posts on social media, or network logs.
- Document your Process: Keep thorough records of the entire gathering process. To prove the reliability and admissibility of the digital evidence in court, this documentation will be essential.
- Secure the scene: Make sure the evidence is secured and shielded from unauthorised access if it relates to a computer or other digital device. To stop remote manipulation, turn off the device or unplug it from any networks.
- Engage Professionals: It could be required to involve forensic professionals with expertise in digital forensics in complex instances. They can help with gathering and analysing digital evidence while abiding by the rules and regulations of the law.
- Use Forensic Tools: Software programmes called “digital forensic tools” are made to gather and examine digital evidence. These tools frequently include built-in procedures to maintain a chain of custody and aid in maintaining the integrity of the data.
- Make Forensic Copies: Make forensic copies of the original digital media—copies made bit-by-bit. You can use the evidence without changing or harming the original data by using these copies for analysis.
- Maintain Chain of Custody: Clearly and continuously establish the chain of custody for the digital evidence. This involves recording when, by whom, and any modifications that were made to the evidence. The credibility and admissibility of the evidence in court are guaranteed by this paperwork.
- Analyse the evidence: You might need to examine the gathered digital evidence for pertinent data, depending on the investigation’s nature. Keyword searches, data recovery, metadata analysis, and other methods might be used for this.
- Preserve Metadata: Metadata, which includes creation and modification dates as well as user information, gives important details about the digital evidence. Maintaining and recording the evidence’s related metadata is important for proving its validity.
- Adhere to the legal requirements: Observe all legal prescriptions and prescriptions for the gathering of digital evidence. Consult with legal experts to ensure compliance as laws and procedures may differ between jurisdictions.
Now, the traditional judicial system is based of physical testimony and evidences and they are ill-equipped with the tools to fight against the modern era crimes which involves cyber-crime, it is a Criminal activity carried out on computers, networks, or the internet. It entails using technology to conduct crimes or enable illicit activity. Cybercriminals take use of flaws in computer systems, networks, and software to obtain access without authorization, steal confidential data, commit fraud, disrupt services, and carry out other destructive acts. These crimes generate data stored as digital records, and courts can apportion liabilities only after studying such digital evidence. Digital Evidence has been marked under section 3(1)(e)(2) of the Indian Evidence act as any documentary evidence in electronic form presented before the court for inspection. And electronic records has been defined under section 2(1)(t) of the IT act while section 65B(2) defines the conditions required for electronic record to be considered as digital evidence which includes –
- Computer the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer;
- during the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;
- throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out of operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and
- the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.
And to present these records as evidences section 65B (4) of the Indian Evidence Act provide for presentation of certificate before the court, that is to say –
- identifying the electronic record containing the statement and describing the manner in which it was produced;
- giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;
- dealing with any of the matters to which the conditions mentioned in sub-section (2) relate, and purporting to be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate) shall be evidence of any matter stated in the certificate; and for the purposes of this sub-section it shall be sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it.
But non-presentation of this certificate wouldn’t invalidate the evidence as it has been held by the supreme court that In UOI & Ors. Vs CDR. Ravindra V. Desai ( 2018 (4) TMI 1939- SC ) as SC, held that non production of Certificate under section 65B is a curable defect and the same has been up held by Madras High court in Arjun PanditRao Kaotkar vs Kailash Kushanrao Gorantyal & Ors. ( 2020 (7) TMI 740) the HC held that Section 65B doesn’t speak of stage at which the certificate has to be presented before the court. These sections show that the law as it stands today provides for the production of information in digital form as evidence in a court of law without the additional burden of producing them in tangible form.
Now, there were several judicial precedents based on the admissibility of digital evidences and one of the prominent amongst them was Sundar v. State, 2023 SCC OnLine SC 310[1]
A three-judge bench of SC in Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473 where it held that The evidence relating to electronic record, as noted hereinbefore, being a special provision, the general law on secondary evidence under Section 63 read with Section 65 of the Evidence Act shall yield to the same. Generalia specialibus non derogant, special law will always prevail over the general law. It appears, the court omitted to take note of Sections 59 and 65-A dealing with the of electronic record. Sections 63 and 65 have no application in the case of secondary evidence by way of electronic record; the same is wholly governed by Sections 65-A and 65-B.[2]
As a result, under the current legal framework, digital copies of electronic records may be used as evidence in court if they meet the non-technical and technical requirements outlined in Section 65B of the Indian Evidence Act. According to the legislation as it exists right now, the individual using or overseeing the computer system that creates the record is required to have the certificate. The rules of admissibility of electronic records can be made more victim-friendly by making the necessary amendments to the law to do away with the requirement for the certificate. When it comes to cybercrimes, the court may accept digital evidence without expert testimony to support its admissibility. Consequently, call recordings, screenshots, spreadsheets, audio and video data, etc.
[1] Sundar v. State, 2023 SCC OnLine SC 310 (para 28 and para 29).
[2] Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473(para 22)
“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”
Written By – Shreyanshu Gupta