top of page

Impediment in Preservation of Electronic Evidence: The Winding Way

Written by Nakul Chengappa

Fourth-Year Student at School of Law, Christ University, Bengaluru

Disclaimer: Please note that the views expressed below represent the opinions of the article's author. The following does not necessarily represent the views of Law & Order.


Humankind is in the mindset of a colossal technological revolution where rapid evolution has increasingly embedded itself in our own lives, history, and future.


Technology has seen an influence on all aspects of our lives. It is no exception in the law and criminal justice system, and as a byproduct, forensic tools have worked their way into the domain of criminology. The forensic techniques followed by law enforcement agencies do not meet the perpetrators' knowledge and methods. Unless forensic techniques are enhanced and streamlined procedures are implemented, the threat of mounting acquittals may undermine the socioeconomic fabric of our society. The requirement is acute and imminent, entailing research organizations to step up towards addressing the essential necessity in criminal judicature.

The acquisition of electronic data requires intrinsic cyber forensic analysis. Cyber forensics facilitates database forensics, wireless forensic science, mobile forensics, online forensics, and malware data analysis. The content that has been evaluated could be used as digital testimony in trials or other legal proceedings.

The application of scientifically examining electronic data that has been collected, stored, and analysed whilst retaining the authenticity of the data and preserving its consistency is defined as cyber forensics.

Cyber forensics entails gathering digital information and restoring those data that have already been removed, concealed, or encrypted that should have happened in real-time forensics or research using a mirror image copy or an electronic archive [1]. In a notable incident, cyber forensics was used to determine whether a convict Sumith Handa murdered and burned his wife. He supposedly used the internet and his mobile to see whether the police had discovered any charred bodies [2].

When an IT engineer supposedly murdered his wife in Bangalore, cell phone tower logs and digital forensic analysis were used to establish that he ultimately caused her death [3]. The laptop recovered from the perpetrators in the Parliament attack case comprised multiple bits of evidence that indicated the intentions of two attackers. The Ministry of Home badge was fabricated on a laptop and pasted on the vehicle of a delegate to force entry into Parliament House alongside a fraudulent identity card with a Government of India Emblem and a seal was created on the same laptop by one of the two terrorists in State v. Mohammad Afzal [4].

In Mohd. Ajmal Kasab v. State of Maharashtra [5], the detected cell phone call transcripts of the accused provided the most critical proof of collusion.

It was discovered that the terrorists who targeted the Hotel Oberoi in Mumbai were Pakistani nationals who communicated with their co-conspirators in Pakistan via cell phones on a constant basis during the operation. Phone calls between three numbers attributed solely to the accused and established that these calls were made to a single account, which turned out to be a number for a US company providing VOIP services by the domain name Callphonex. One of the accomplices had used a fictitious name of Kharak Singh to get cellular connectivity through Callphonex and as stated by an FBI agent, Kharak Singh's email account was controlled via IP addresses in Pakistan and Kuwait, along with proxy locations in the United States and Russia. Using the resources of Callphonex, the perpetrators were able to suppress their identities and the coordinates through which calls were being made. The assailants at the Hotel Taj had used a local sim obtained by falsifying identification papers. Terrorists at the Hotel Oberoi and Nariman House stole SIM cards of the victim and used them to make phone calls through their own handheld phones.

E-discovery of Electronic Documents

The principle of e-discovery is yet another relevant concept to be explored. Digital data obtained and submitted during a trial process of any lawsuit is alluded to as e-discovery. It entails gathering, analyzing, and producing electronic data such as emails and accounting software in accordance with confidentiality guidelines of a legal system and the authenticity of an electronic archive is preserved by e-discovery.

Apart from emails and other electronic archives including images, password encrypted data, configured storage devices, disabled and password hashes, and steganographic data are all retrieved from system backups during the investigative process [6].

The inadequacy to retain data is a significant obstacle for effective internet law enforcement. Despite the passage of India's IT (Amendment) Act, 2008, internet service providers and businesses that acquire, retain, or manage private personal information in the course of their business operations should keep logs [7].

In Lorraine v. Markel American Insurance Company [8], Judge Paul W. Grimm decided that all appeals could be rejected without prejudice based on the criteria when electronic evidence is produced it has a probative value and it could be dismissed if it would cause unfair prejudice, such as a delay of a trial, confusing or misleading the jury. As a by-product of the decision Judge Paul W. Grimm held when electronic data evidence is submitted as testimony, it must undergo the following threshold to be admissible:

  • Is the data pertinent?

  • Whether the electronic evidence is bonafide

  • Is it hearsay?

  • Would it be an authentic or a replica, and if it was clone data, does it have admissible secondary evidence to back the claim; and

  • Is its probative value sufficient to endure the touchstone of unjust prejudice?

The above-stated decision by the Chief Magistrate Judge of a District in Maryland was relied upon by our Hon’ble Supreme Court in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal & Ors. [9], wherein Justice Rohinton Nariman emphasised the fact, whilst the Indian Evidence Act was passed in 1872, the Federal Rules of Evidence was established by order of the Supreme Court of the United States precisely 100 years later, in 1972, and they were enacted with modifications made by Congress which came into effect on July 1, 1975. Nevertheless, the Rules were determined to be inconsistent to cope with novel environments, and a handful of amendments were made, including one in 2017 that contained unique needs pertaining to digital information under Sub-rules (13) [10] and (14) [11] of FRE 902. Several choices have indeed been made accessible to parties intending to rely on electronically stored information as a result of the amendments, one of which is the path created by Sub­-rules (13) and (14) of FRE 902. This evolution of law in the United States illustrates that, unlike in India, the law has kept up with technology to a significant extent.

A short time ago, in India Anvar P.V v. P.K Basheer [12], the apex court heard an appeal filed against an order by the High Court rejecting an election petition on the grounds that the appellant failed to prove the allegations of corruption in the petition and, as a result, the election could not be annulled under Section 100(1)(b) read with Section 123(2)(ii) and (4) of the Representation of the Peoples Act 1951. The court held in this event, in a landmark decision on digital evidence, whereby digital technologies, such as CDs, VCDs, and chips, should be supplemented by a certificate in accordance with Section 65B of the Evidence Act at the time of taking the record. Secondary evidence pertaining to an electronic report is inadmissible if the certificate is not issued.

Furthermore, while reaching a decision of Ambalal Sarabhai Enterprise Ltd. v. KS Infraspace, LLP Ltd. [13], the Supreme Court awarded an injunction under Section 36 of the Specific Relief Act 1963, whereby WhatsApp conversations, alluded to as “virtual conversation”, shall be considered to be admissible as evidence by the court. The context and substance of the virtual communication must be shown via evidence-in-chief and cross-examination during the trial before it may be considered based on the findings in the Anvar P.V [14] case.

Lacunae in Protection of Digital Evidence

The Ministry of Communications and Information Technology has issued the Information Technology (Intermediaries Guideline) Rules, 2011, and mandated all internet service providers to keep electronic records and information which is under investigation for at least 90 days, this duration is far too minimal to gather material information. In the absence of a mandatory data retention period for internet service providers, they often overwrite their data or uninstall the logs at the usual time of the event. It is, therefore, necessary to determine a precise data protection timeframe for internet service providers, in addition to the successful enforcement of cybercrime issues under the IT Act of 2000.

Whilst, law enforcement agencies require testimony from outside India, they use the Mutual Assistance Treaty and Letter Rogatory system, under which a competent court writes a letter to a foreign court, which collects the oral testimony on an individual, orders the production of documents, records the statements, and sends the information to the court that sent the letter of request [15].

Sections 166A and 166B of the Criminal Procedure Code 1973, describe the procedure for requesting evidence from a foreign jurisdiction in order to execute a successful investigation.

Nevertheless, some proceedings take too much time to generate almost none of the effects in terms of electronic proof processing. The Cybercrime Investigation Manual was created in 2011 by the Data Security Council of India, Deloitte, and NASSCOM to act as standardized tenets for the scientific processing of forensic data in order to enable data breach investigations [16]. Nevertheless, comprehensive revised official cyber forensics guidelines are yet to be formalized.


Insomuch as the rules governing the procedures are much broader and more complicated, the preservation of digital information is a task that requires a lot of commitment from any person involved in investigative activity. As computers get smaller, quicker, and less expensive, they are increasingly integrated within larger networks in less visible ways, allowing information to be generated, stored, interpreted, and shared in nearly unprecedented ways. As a result, digital data will appear in unusual ways and in unexpected formats. Digital data would be much more complex to obtain, interpret, and address in terms of the fact finders and shall comprehend to use as facilities to become more instrumented from external scanning to remote regulation of heart rhythms. The primary purpose of law enforcement has not changed, but crimes are being committed in new ways. To protect the liberties that all Indians possess, evidence of criminal wrongdoing must also be preserved, examined, and evaluated in a meticulously desired manner in order to prove the innocence or guilt of a wrongdoer.

This article has brought up a host of concerns associated with digital forensics professionalism and e-evidence preservation. It is recommended, in order to uphold the legitimacy of digital forensics as a specialty, technical challenges of digital forensics should be elevated as a priority and addressed; this is projected that throughout the future, digital forensics professionals and regulators will demand appropriate qualifications and accreditation. The method wherein the industry handles technical and credential matters needs to be addressed and formalized in a comprehensive approach. It is henceforth proposed specialist associations, professionals, individuals engaged with the criminal justice, and law enforcement agencies collaborate to develop a feasible and functional framework.


[1] Sommer, Peter Downloads, Logs and Captures “Evidence From Cyberspace”, Computer Security Research Center, London School Of Economics and Political science, the Journal of Financial Crime (1997) 5 JFC pp.138/153. Available at: http// dload01.pdf. (accessed in May 2021)

[2] See Narayan, Shalini “Handa denies wife’s murder to her family”, available at http// (accessed in May, 2021)

[3] See “Killer Spouses: Divorce is an option not murder”, available at (accessed in May, 2021)

[4] 107 (2003) DLT 385

[5] 2012 (9) SCC 1

[6] Brown, Toby ‘Electronic Discovery Basics’, RI Bar Journal, Vol.52, p.7 (July/August, 2003), Linda G Sharp, ‘Restoration Drama, The Complexity of Electronic Discovery Requires Practitioners to Master New Litigation Skills’, LA Law Vol.52, p.31 (October, 2005)

[7] See Section 43A IT Act, 2000 read with Section 67 C IT Act, 2000.

[8] PWG-06-1893

[9] AIR 2020 SC 4908

[10] Rule 902(13): Certified Records Generated by an Electronic Process or System.

[11] Rule 902(14): Certified Data Copied from an Electronic Device, Storage Medium, or File.

[12] AIR 2015 SC 180

[13] (2020) 5 SCC 410

[14] Ibid., 12

[15] Available at: (accessed in June, 2021)

[16] DSCI, “India’s First Cyber Crime Investigation Manual”, 8th March, 2011, available at: (accessed in June, 2021)

bottom of page