SEMINAR COURSE

SEMESTER VIII

BBA LLB (CYBER LAW)

ADMISSIBILITY OF DIGITAL EVIDENCE FOR CYBER CRIME INVESTIGATION

Name Sap Id Roll Number

Aman Vedwal 500076814 R760219006

SUBMITTED UNDER THE GUIDANCE OF: Mr. Sajal Sharma

SCHOOL OF LAW

UNIVERSITY OF PETROLEUM & ENERGY STUDIES

DEHRADUN

January- May, 2023

Page 1 of 18
Table of Contents
Introduction to digital evidence and evidence collection procedure..............................................3
Types of digital evidence: ......................................................................................................3
Evidence collection procedure: .............................................................................................3
Admissibility of digital evidence .................................................................................................5
Best Evidence Rule in Proof of Contents of a Document .....................................................9
Examples of Cases on Admissibility of Evidence with Respect to Offences ...................... 11
Presumptions in Digital evidence ........................................................................................ 12
Rules of Admissibility of Electronic Evidence .................................................................... 13
Limitations on Admissibility of Digital Evidence ............................................................... 13
Presenting digital evidence .................................................................................................. 14
Investigation process involving digital evidence ........................................................................ 15
Challenges with digital evidence ............................................................................................... 16
Conclusion ................................................................................................................................ 16
References ................................................................................................................................ 17

Page 2 of 18
Introduction to digital evidence and evidence collection procedure

Digital evidence is defined as information and data that is stored, received, or transmitted by an
electronic device and is of value to an investigation. It can be found on a computer hard drive, a
thumb drive, a mobile phone, a personal digital assistant (PDA), a CD, floppy disk, DVD, flash
card in a digital camera, memory stick, memory/ SIM cards, fax machines, answering machines,
cordless phones, pagers, caller-ID, scanners, printers, copiers, and CCTV equipment, among other
places1. Thus, evidence can be found on the Internet, on standalone computers, or electronic
communication devices (ECDs) and mobile devices. It is acquired when electronic devices are
seized and secured for examination. Digital evidence is in binary form. Even though digital
evidence stored in ECDs is in the binary form (machine language) and not understandable by
humans, it should be presented in human readable form so as to be relied upon in court. It is very
different from physical evidence.

Types of digital evidence:

Digital evidence may exist in two forms:

Volatile evidence It refers to the frequently changing information (e.g., information about
running processes or network, contents on the clipboard and some data in memory which are
usually lost when the power for the ECD is turned off).

Non-volatile evidence It refers to the contents that can be recovered from an ECD even if it
is not powered on.

Evidence collection procedure:

Evidence collection2 involves five phases which are explained here:

1. Identification of Evidence:

1
https://www.researchgate.net/publication/368692167_FORENSICS_AND_DIGITAL_EVIDENCE_IN_CYBERC
RIME_INVESTIGATION

2
https://www.researchgate.net/publication/368692167_FORENSICS_AND_DIGITAL_EVIDENCE_IN_CYBERC
RIME_INVESTIGATION

Page 3 of 18
 Evidence has to be found by determining exactly where it is stored in the ECD. This necessitates
distinguishing between the actual evidence and junk data. Identification implies what the
information available in the data is, where it is located, and how it is stored. Consequent to this,
it has to be ascertained if the evidence is relevant to the offence committed or the case. The order
of volatility of evidence is important to determine the order of gathering the evidence and to
minimize any loss of data relevant to the case or corruption of the same. Evidence should be
collected using the right tools and by a person who has expertise in it and is legally entitled to.

2. Preservation of Evidence:

This necessitates ensuring that the evidence is retained in its original form. Digital evidence is
usually retainer on a storage media, for example, in a compact disk or tape3. The storage media is
labelled with information such as the date and time on the electronic communication device from
which it was collected, the person who collected it, the program/software/command used to copy
the files, copies of software/program and the information that is expected to be present in the
collected files.

Evidence collected should be free from alteration and from any external avenues of change.
Tampering of evidence should be avoided. It is always safe to have a forensic image or forensic
copy of the evidence collected which could help at times of physical tampering of evidence.
Usually, a minimum of two copies of the evidence are created, one of which (the first copy) is
sealed in the presence of the suspect or the owner of the ECD and is placed in a secured storage.
This is referred to as the master copy and is opened for examination only on the direction of the
court as to the challenge raised on the evidence after forensic analysis on the second copy. Every
step of evidence collected should be documented. Any change made on it should be documented
and justified.

3. Analysis of Evidence

The stored evidence has to be analysed to extract the relevant information and recreate the chain
of events. Analysis should be performed in a dedicated host that is clean, secure and isolated from

3
https://www.researchgate.net/publication/331991596_ROLE_AND_IMPACT_OF_DIGITAL_FORENSICS_IN_C
YBER_CRIME_INVESTIGATIONS

Page 4 of 18
the network. During analysis, every action performed on the evidence is documented to ensure
that the procedure is repeatable and capable of yielding the same results at any later point in time.

Analysis of evidence includes assessment of the means and motivation of the committed crime
while evaluating the collected digital evidence, experimentation of all possibilities of methods
and techniques and documenting them for verification while being tested by a scientific
community and the court, correlation of analysis results with investigation methods and other
physical evidence to map the crime scene and validation of the results of analysis, during the time
of trial in the court as valid proof.

4. Presentation of Evidence

This implies communicating the results of analysis before the court to either prove or disprove a
crime. In order to be effective, the presentation should be understandable even to a layman.

5. Archival of Evidence

Storage of collected evidence in some storage medium is essential. Logs in the system can be used
to keep the evidence secure as every activity is time-stamped but it should be digitally signed and
encrypted to prevent contamination of evidence. If logs are retained locally, their integrity lies
susceptible. Network traffic should also be monitored for any malicious activity apart from
monitoring logs.

Admissibility of digital evidence

After the acquisition and analysis of evidence, admissibility is the next step in the process of any
cybercrime investigation. Evidence is produced before a judge or a jury to prove a fact in a case.
Admissibility of evidence refers to the application of a set of legal rules by a judge to determine
whether or not the evidence may be proffered. To be admissible in court, the evidence should
possess the following characteristics:

Admissible: The evidence must be usable in court. Following the standard operating procedure
(SOP) during the acquisition and handling of evidence is the basic requirement to make evidence
admissible in court. Failure to stick to the SOP during the acquisition of evidence and improper
documentation and reporting can make the evidence unusable.

Page 5 of 18
Authentic: The evidence should leave no doubt that it was acquired from a specific
location/electronic communication device and that it is a complete and accurate copy of the
acquired digital evidence and the integrity of the evidence is assured. Maintaining a proper chain
of custody helps in maintaining consistency and prevents contamination of evidence. It reveals
from where the evidence was acquired and all those who had control over it, right from acquisition.
Maintaining integrity documentation ensures its integrity. It guarantees that the digital evidence
has not been altered since its acquisition. In addition to this, evidence must be reliable, genuine,
and relevant to the incident so as to be able to prove something.

Complete: The evidence should capture all dimensions of the incident, that is, it should be
collected in such a way that it is sufficient to prove or disprove an action.

Reliable: The evidence has to be assessed for reliability while authenticating it. There are two
approaches:

(a) to determine whether the electronic communication device from which the evidence was
collected is functioning normally, and

(b) to examine whether the digital evidence collected from the electronic communication device
is damaged, contaminated, or tampered. The acquisition and analysis of evidence should not raise
any doubt on the authenticity and reliability of the evidence. Evidence should be free from
interference and contamination.

Believable: The evidence presented before the court should be understandable and believable to
the jury. Digital evidence, especially, should be conveyed to the jury in simple terms, as opposed
to presenting it in the form of a binary dump to a jury who is computer-illiterate.

As per the Explanation to Section 79A of the IT Act, "electronic form of evidence" refers to any
information with probative value that is either stored or communicated in electronic form, and this
includes computer evidence, digital audio, digital video, mobile phones, and digital fax machines.
Thus, during civil or criminal trials, courts may allow the use of digital evidence such as emails,
digital photos, word processing documents, instant message histories, spreadsheets, internet
browser histories, data bases, contents of computer memory, computer backup, secured electronic
records and secured electronic signatures, GPS tracks, logs from a hotel's electronic door, digital
video or audio, etc.

Page 6 of 18
Section 2(t) of the IT Act defines the term electronic record as ―data, record or data generated,
image or sound stored, received or sent in an electronic form or microfilm or computer-generated
micro fiche. Sections 4 to 6 of the IT Act 4 recognizes the use of legally recognizes the electronic
records. Examples of electronic records include email messages, word-processed documents,
electronic spreadsheets, digital images, and databases [Michigan]. An electronic record is in
machine readable form and so, appropriate hardware and software are required to interpret its
meaning. Electronic evidence is secondary evidence as per the Indian Evidence Act (IEA),
meaning that it does not have the same persuasive value. Information Technology Act (ITA) 2000
was amended to include admissibility of digital evidence. Accordingly, an electronic record is any
probative information stored or transmitted in digital form and that can be used during trial in
court. Electronic record is considered evidence only if it is authentic, relevant, and allowable under
hearsay. Evidence is not only available in computers, but also in electronic communication
devices. It takes various forms such as emails, digital photographs, word documents, spreadsheets,
instant messages, transaction browsing history files, contents of computer memory, contents from
a computer moved as backup onto different media, hardcopy output from computers, and other
audio and video files.

The issue of electronic evidence has recently come to light as a result of the leakage of WhatsApp
communications that were amassed during the course of an inquiry and their admissibility as
evidence in a criminal prosecution. Even before the trial started, during the investigation stage,
these WhatsApp messages were released into the public arena. Given these recent changes, a closer
examination of the legal environment for electronic evidence is warranted.

The second schedule of The Information Technology Act 2000, the only law in India that addresses
computer crime, adds the idea of electronic evidence to the provisions of the Indian Evidence Act,
1872, which was originally written with only the physical world in mind. The following can be
used to summarize these changes:

In Section 3 of The IE Act, 1872 which defines ‘evidence’ was amended where all documents
including electronic records. In Section 17 of the Act, instead of "oral or documentary," the phrase
"oral or documentary or contained in electronic form" has been substituted.

4
The Information Technology Act, 2000.

Page 7 of 18
Section 65B5 of the IE Act, establishes a specific framework for the admissibility of electronic
evidence. The scope and application of Section 65B have been the subject of numerous legal
disputes, with the Apex Court taking opposing positions.

This section states that electronic records can be used as evidence if they meet the requirements
listed below:

1. The data present in the electronic record must have been generated by a computer naturally
conducting its operations.
2. Any material that can be copied must have been used to store the electronic record.
3. The individual creating the electronic record must vouch for the correctness of its contents.
4. The information in the electronic record must not have been changed, and the computer
that created it must be in good working order.

The Supreme Court's three-judge panel in Arjun Panditrao Khotkar v. Kailash Kishanrao
Goratyal 6(known as "Arjun v. Kailash") has now defined how Section 65B should be interpreted.
The Supreme Court's earlier decisions in Anvar P.V. v. P.K. Basheer7, Shahfi Mohammad v. State
of Himachal Pradesh8, and Tomaso Bruno v. State of Uttar Pradesh9, collectively referred to as
"Anvar v. Basheer," "Shahfi Mohammad," and "Tomaso Bruno," all of which took inconsistent
positions, led to confusion regarding the reach and application of Section 65B.

The contents of electronic records must be proven as evidence in accordance with Section 65B's
standards under Section 65A of the Evidence Act. Both Sections 65A and 65B of the Evidence
Act, which deal with documentary evidence, were added by the Indian Evidence (Amendment)
Act of 2000. It was made clear in Anvar v. Basheer that since Section 65B starts off with a non-
obstante clause, it constitutes a comprehensive code for the admissibility of electronic evidence.

According to Section 65B(1), if the requirements are met, any information contained in an
electronic record that has been saved, recorded, or copied as a computer output shall also be
deemed to be a "document" and shall be admissible as evidence without further justification or the

5
Indian Evidence Act of 1872
6
7
(2014) 10 SCC 473.
8
(2018) 2 SCC 801.
9
(2015) 7 SCC 178.

Page 8 of 18
production of the originals. The requirements that must be met for the information to be classified
as a "computer output" are outlined in Section 65B(2). The requirement in Section 65B(4) that a
certificate be produced identifying the electronic record and providing details of the device used
to produce the electronic record be produced before the electronic evidence can be used in any
judicial proceeding has given rise to conflicting interpretations. A person holding an official
position of responsibility for the operation of the relevant device, or someone in charge of the
relevant actions involved, must sign this certificate. The certificate's legitimacy will be verified by
this signature.

In accordance with Section 65B (4), the information in the certificate must be accurate "to the best
of the knowledge and belief of the person stating it."

It was unclear whether a certificate under Section 65B (4) would be required even when an original
copy of the electronic record is provided as evidence after conflicting positions were reached in
the three prior Supreme Court rulings mentioned above. Another question that came up was
whether it was necessary to adhere to Section 65B (4)'s requirements or whether the need to get a
certificate might be waived.

Best Evidence Rule in Proof of Contents of a Document

The document itself is the greatest proof of a document's contents, therefore Section 91 of the
Evidence Act requires the production of the document as evidence of its contents. The rule outlined
in Section 91 can be considered an exclusive rule in that oral evidence cannot be admitted to
support the contents of the document, with the exception of certain circumstances where
supplemental evidence may be presented. The Best Evidence Rule is thereby circumvented under
Section 65B.

The language of Section 65B shows that it has overcome all problems of Original vs. Copy,
deeming electronic documents (manifested in a particular type of output) to be sufficient for proof
of what the original could have legally proved (without actually requiring production or proof of
the ―original‖). Thus, through Section 65B, the problem of Primary vs. Secondary evidence with
regard to electronic records is solved. All that is required is that the contents of the output must be
authentic and there should be reason to believe that they are authentic. A true copy can thus be
captured in print or on a digital media, duly certified by the observer.

Page 9 of 18
Information transferred from a hard drive to a CD: A hard drive is a storage device. Under the
Evidence Act, if it is written, it is considered an electronic record. According to section 65B, it
must be demonstrated that the person proving the email had legal control of the computer during
the relevant period. Krishan Kumar Bhatnagar & Ors. v. Babu Ram Aggarwal & Anr. 10i

Call History: While acknowledging the reliance placed by the prosecution on the call records, the
11
High Court of Delhi stated in Rakesh Kumar and Ors. Vs. State that "computer generated
electronic records is evidence, admissible at a trial if proved in the manner specified by Section
65B of the Evidence Act."

Video/Audio Tape Recordings:

Even before the introduction of the IT Act, the Indian courts have given the recognition to the
contents of tape recording as admissible evidence, subjected to fulfilling some conditions.

In the case of Ziyauddin Burhanuddin Bukhari v Brijmohan Ramdass Mehra and Others 12, the
Hon’ble Supreme Court concluded tape-recorded speeches as document as stated under section 3
of the Evidence Act and are admissible in evidence on satisfying certain conditions. According to
the rules of relevancy, the recoded subject matter must be proved to be relevant in the Act.

In the case of Jagjit Singh Vs. State of Haryana13, for the offence of defection, the speaker of the
legislative assembly of the state of Haryana was disqualified. While hearing the matter, digital
evidence in the form of interview transcripts from the Zee News television channel, the Aaj Tak
television channel and the Haryana News of Punjab Today television channel was considered by
the Supreme Court. The Court stated that the electronic evidence on record are admissible. The
Court upheld the reliance upon the evidence given by the speaker and concluded that voice
recorded on the CD matched with the person initiating action. The Supreme Court did not find any
problem in the Speaker's reliance on the digital evidence and conclusion given by the speaker.
Hence, with this case, it can be noted that the Indian judiciary has started to recognize the
importance of digital evidence in legal proceedings.

10
2013, IIAD (Delhi) 441.
11
Criminal Appeal No. 19/2007 decided on 27.08.2009
12
Ziyauddin Burhanuddin Bukhari v Brijmohan Ramdass Mehra and Others AIR 1975 SC 1788 (1)
13
Jagjit Singh Vs. State of Haryana (2006) 11 SCC 1)

Page 10 of 18
Video Conferencing: In The State of Maharashtra v. Dr. Praful B. Desai 14, the question involved
was whether a witness can be examined by means of a video conference. The Supreme Court
observed that video conferencing is an advancement of science and technology which permits
seeing, hearing and talking with someone who is not physically present with the same facility and
ease as if they were physically present. The legal requirement for the presence of the witness does
not mean actual physical presence. The court allowed the examination of a witness through video
conferencing and concluded that there is no reason why the examination of a witness by video
conferencing should not be an essential part of electronic evidence.

The court ruled in Amitabh Bagchi vs. Ena Bagchi15 that introducing evidence may not necessitate
a person's personal attendance in court and may instead be accomplished via a technology like
video conferencing.

Examples of Cases on Admissibility of Evidence with Respect to Offences

Case 1: Child pornography

Consider an offence such as publishing of child pornography. In this case, first the server in which
it is published has to be identified. This is done by determining the IP address. The cyber police
have to collect information about the IP address, following which the police will search the
physical address and trap the culprit. The next step is seizure and acquisition of evidence. The hard
disk is seized and hard copies from the computer of the accused are also collected 16. The cyber
forensic examiner can make an analysis about the authenticity of the collected evidence. Further,
the Internet service provider may be approached to gather information, for example, if the
computer was in regular usage and operated by the accused. The ISP usually supplies log
information which forms a major source of evidence. Besides this, CCTV footage, Internet
browsing history, and the hard disk itself will act as evidence. All of them should be in compliance
with Section 65B(2). Further, statements produced as evidence should be accompanied by a
certificate and should have been signed by a person holding a responsible official position
according to Section 65B(4).

14
AIR 2003 SC 2053
15
AIR 2005 Cal 11
16
Obscenity and Child Pornography - Applicability of Hicklin Test | PDF | Social Institutions | Social Science
(scribd.com)

Page 11 of 18
Case 2: Email-related offence

While deciding the admissibility of email, as per Sections 65B and 88 of IEA, the email down-
loaded and printed from an email account can serve as evidence. Any testimony of the witness
who has carried out the process of downloading and printing is sufficient to prove the electronic
communication. The original electronic media serves as primary evidence. Secondary evidence, if
any, should accompany the certificate in terms of Section 65B so as to be admissible.

Case 3: Image forgery

Image forgery is a crime wherein an original image is falsely altered with the intention to produce
a fake image, usually by way of image retouching, image splicing, and copy-move attack. When
an incident on image forgery is reported, for instance on Facebook, then the log is obtained from
the Facebook server. Whether the photo or the image is forged or not is determined based on the
findings and report from the cyber lab which relies on special software. If it is deemed to be forged,
then the IP address obtained from the log given by Facebook is used to trace the culprit behind the
image forgery. The evidence which is the log file as well as the report from the cyber lab that are
produced in court should be in compliance with Section 65B(2) of IEA. Further, it should be
accompanied by a certificate and should have been signed by a person holding a responsible
official position according to Section 65B(4) of IEA.

Presumptions in Digital evidence

The Indian Evidence Act, 1872 was modified by Section 92 of the IT Act 2000, which also added
a few presumptions about electronic evidence. Sections 81-A, 85-A to 85-C, 88-A, and 90-A are
where they are from.

Presumption about electronic messages: This includes messages sent over social networking sites
like WhatsApp, Twitter, and SMS, as well as emails, SMS, and MMS. The Court may assume,
pursuant to Section 88A of the IT Act, that an electronic message forwarded by the originator
through an electronic mail server to the addressee to whom the message purports to be addressed
corresponds with the message as fed into his computer for transmission; however, the Court may
not assume anything regarding the identity of the sender of such a message.

Page 12 of 18
Rules of Admissibility of Electronic Evidence
To be admissible in a court of law, the following are the rules that any evidence is expected to
satisfy17.

Relevant: It reveals whether one fact is connected to the other either directly or proves/disproves
the fact in any way as provided in Section 5(55) of the Evidence Act. Section 5 of the Evidence
Act provides that evidence can be given only for facts that are at the core of the issue or of
relevance. Since electronic records are susceptible to tampering, hiding, destruction, malicious
viral and malware attack, and getting corrupted, meta- data information such as the title of the
document, date by the computer forensic examiner (CFE) to determine its relevance during
analysis. However, since such metadata information can be easily embedded with technol- ogy,
other means should be used to establish the facts. Section 22A has been inserted into the Evidence
Act to provide for the relevancy of oral evidence regarding the contents of electronic

Authenticated: Authenticated Authentication means satisfying the court that (a) the contents of
the record have remained unchanged, (b) that the information in the record does in fact originate
from its purported source, whether human or machine, and (e) that extraneous information such as
the apparent date of the record is accurate. It also refers to establishing facts such as testimony of
witnesses, expert witness with specimens, and distinctive characteristics (e.g., appearance, content,
substance, pattern, or public records) where the electronic document contains electronic or digital
signatures. Metadata from electronic data is an important source of authentication.

Limitations on Admissibility of Digital Evidence

The very nature of digital evidence raises concerns over admissibility. First, acquisition of volatile
data (live forensics) is tough as it is very difficult to recover this um storage media. Being invisible,
digital evidence is more susceptible to tampering and alteration. This can be avoided by employing
a write blocker. Even then, digital evidence is invalid without the Section 65B IEA certificate.
Thus, strict compliance with Section 65B IEA is mandatory to rely upon websites, emails, and any
other electronic records for both civil and criminal trials before the courts in India. Second, if the
chain of custody is not properly maintained, digital evidence is deemed as tampered evidence.

17
LawTeacher. November 2013. Relevancy and Admissibility of Electronic Evidence. [online]. Available from:
https://www.lawteacher.net/free-law-essays/commercial-law/relevancy-and-admissibility-of-electronic-law-
essays.php?vref=1 [Accessed 15 April 2023]

Page 13 of 18
Though hashing is used to or the integrity of digital evidence, admissibility of computer-generated
electronic records cannot be relied upon solely and can be used as corroborative evidence.

Besides this, the prosecutor and the court should be in touch with the ongoing legal and
technological advancements as electronic evidence has substantial impact during trial. This
necessitates that admissibility The need of the hour in India is to devise a mechanism for ensuring
the veracity of contents of electronics have to be discussed with the court prior to commencement
of trial. records but there is a long way to go.

Presenting digital evidence

Qualified and competent experts (consulting expert, court's expert, and CFE) play a significant
role in maintaining credible reputation of digital evidence. The SOP should be adopted when
digital technology is used for the examination and presentation of evidence.

Presentation of facts after analysing the evidence should include four points, namely (a) what was
done with the evidence; (b) why it was done; (c) how it was done; and (d) what was found as a
result. For instance, it should include, how the evidence, say, a file, is stored in the media, what a
forensic copy is, how was the deleted data recovered from the media, what data was contained in
the Internet history, and so on, depending on the case.

Presenting digital evidence in the court includes the following two important aspects18:

Reporting: It aims at providing a transparent view of the investigative process wherein the final
reports contain important details from each step, including reference to protocols followed and
methods used to seize, document, acquire, preserve, recover, reconstruct, organize, and search for
key evidence. The purpose of reporting is to document and detail each process followed by the
CFE, including even alternative theories, thus demonstrating the independence and objectivity of
the CFE, and his/her investigation.

Testimony: It is necessary that the IO presents his/her findings to a court or other forum. He/She
will have to be able to convey his/her findings and report, first to the court, by giving testimony
viva voce, and second, to stand the scrutiny of cross-examination on his/her report, findings, and
testimony. The issue with digital evidence for the investigator is that he/she may be well versed in

18
Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors (2007).

Page 14 of 18
his/her field, and translate facts that are technical in nature, to a court which is not technically
sound. This necessitates that the evidence be kept concise and understandable.

Investigation process involving digital evidence

The investigation process involving digital evidence and the role played by various authorities is
explained as follows:

1. Complaint from a complainant is a must to set the law into motion.

2. An FIR is filed by the jurisdiction police station and the IO will be nominated.

3. The suspect is located by the 1O. He/She is termed a 'suspect and not an 'accused' until convicted
by a court.

4. The suspected electronic communication device is located by the 1O.

5. Seizure of the electronic communication device by the IO is performed in accordance with the
SOP for the acquisition of evidence. Chain of custody and other documentation are carried out.
Seizure is carried out in the presence of two independent witnesses, who must preferably be
computer-literate. Live evidence, if any, is acquired with the support of the FE. The seized
evidence is packed and sealed in the presence of witnesses.

6. The acquired evidence and the device are presented before the court by the IO.

7. The original evidence and the master copy are preserved in the evidence store to avoid any
alteration.

8. The FE generates a forensic copy of the original evidence once it is handed over to
the forensic lab.

9. The FE performs analysis of the acquired evidence.

10. The FE presents the ER.

11. The FE, IO, and PP organize a pre-trial meeting.

'The PP presents the evidence in the court.

12. The PP faces the trial.

Page 15 of 18
13. An expert witness or the FE may present testimony depending on the case and the offence.

14. The IO presents his/her testimony. He/She may be subjected to direct examination and cross-
examination.

15. Independent witnesses present their testimony. They may witness direct and cross-
examination.

16. The judge may call upon any one of the three for direct examination.

17. The defendant may call upon any of the witnesses for cross-examination.

18. Upon analysing the merits of the case, the presiding officer of the court offers the final verdict
which paves the way for the execution of the law by the court.

Challenges with digital evidence

Some of the challenges experienced with digital evidence are listed here:

1. Digital evidence obtained from a storage media and other components of an ECD is huge. Of
course, not all the information will be useful and relevant. Extracting the right piece of
evidence is the biggest challenge 19.
2. Not all portions of evidence can be collected manually. Certain evidence in the form of logs
in the systems can reveal very little information about the crime. Further, more information
has to be collected by employing appropriate forensic tools. Therefore, a forensic investigator
who is professionally sound should be involved in the collection of evidence.
3. The digital evidence collected should be able to completely map a crime scene which
otherwise would make it worthless and difficult in proving the crime.
4. Digital evidence is more susceptible to alteration and hence appropriate tools should be
employed to ascertain whether it has been modified or valid evidence had been deleted.

Conclusion
Digital technology is becoming widely used in all facets of life, including criminal activity, in
recent years. Technology has advanced quickly, and cybercrimes now pose a significant threat to

19
Eva A. Vincze, Challenges in Digital Forensics, 17 POLICE PRAC. & Res. 183 (2016)

Page 16 of 18
society. Investigations into cybercrime rely heavily on the digital evidence gathered from computer
devices. However, it might be difficult to prove that digital evidence is admissible in Indian courts.
This article seeks to give a general overview of digital evidence's admissibility in cybercrime
investigations in India. In India, digital evidence is essential to the investigation of cybercrime.
The Information Technology Act of 2000 and the Indian Evidence Act, 1872 both regulate the
admissibility of digital evidence. Specific rules for the admissibility of electronic evidence in court
have been established by the Indian Supreme Court. With the proper controls and processes in
place, digital evidence is set to become an essential weapon in India's fight against cybercrime as
the courts there gradually recognize the value of digital evidence in cybercrime cases.

India's courts have recently come to understand the value of digital evidence in cybercrime cases.
Digital evidence is set to play a key role in India's fight against cybercrime if the right policies and
procedures are put in place. This would entail educating judges and law enforcement personnel on
how to utilise and understand digital evidence as well as putting in place the appropriate technical
and legal measures to guarantee the validity and dependability of such evidence.

In conclusion, the acceptance of digital evidence as admissible proof in India is a step in the right
direction in combating the expanding issue of cybercrime. India must keep advancing its legal
system, technology capabilities, and professional knowledge in order to effectively combat
cybercrime.

References
A. Books
a) Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet
by Eoghan Casey
b) Cybercrime and Digital Forensics: An Introduction" by Thomas J. Holt and Adam M.
Bossler
c) Digital Forensics for Cyber Crime Investigation" by K. Jaishankar
d) Textbook on Cyber Law by Pavan Duggal
e) Cyber forensics by Dejey and S. Murugan
f) Cyber Forensics in India by Nishesh Sharma

Page 17 of 18
B. Website/ Journals
a. https://www.researchgate.net/publication/368692167_FORENSICS_AND_DIGITAL_
EVIDENCE_IN_CYBERCRIME_INVESTIGATION
b. https://www.researchgate.net/publication/331991596_ROLE_AND_IMPACT_OF_DI
GITAL_FORENSICS_IN_CYBER_CRIME_INVESTIGATIONS
c. LawTeacher. November 2013. Relevancy and Admissibility of Electronic Evidence.
[online]. Available from: https://www.lawteacher.net/free-law-essays/commercial-
law/relevancy-and-admissibility-of-electronic-law-essays.php?vref=1 [Accessed 15
April 2023]
d. Eva A. Vincze, Challenges in Digital Forensics, 17 POLICE PRAC. & Res. 183 (2016)
e. Dhanesh Desai & Naireen Khan, Cyber Crime: A New Species of Crime, 8 Supremo
Amicus 86 (2018).
f. Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors
(2007).
g. Rita Esen, Cyber Crime: A Growing Problem, 66 J. CRIM. L. 269 (2002)

Page 18 of 18