The increasing plethora of Digital Devices across the world has emerged the
issue of digital security and thereby increasing the huge number of crimes in
the cyber world. Digital Forensics is a way of collecting evidence that requires
the usage of apt forensic tools and technical knowledge which play an important
part in the Administration of Justice relating to digital crimes.
Confidentiality of Evidence is a very dynamic and intricate process.
In the absence of sufficient evidence even the Judiciary is helpless to deliver
justice, hence Digital Forensics plays a vital role in the technologically
advancing era. Embedded endurance strategy needs sophisticated thinking at the
Micro level (people, network, systems) as well as the Macro level
(Organizational). The growing use of social sites and dependence on digital
methods for e-payment have emerged the crimes of credit card scams and hacking
Hackers have been able to break the security and were able to break through the
secured systems of Banks, Organizations, and many more. The laws related to
Information Technology are not so strong, only a few provisions carry strong
penal provisions. The Information Technology Act, of 2000 was a breakthrough but
still needs improvement.
As new crimes like Credit Card scams, WhatsApp scams, UPI Frauds, Remote Access
Screen sharing Frauds, Scams using QR Codes and the list goes on, there is a
strong need to update the existing laws and techniques to find the digital
evidence and the Digital Forensics can play a vital role. The present Paper will
cover the issues and challenges in the Cyber World and the Role of Digital
Forensics in the administration of justice in the present era.
Digital forensics sometimes known as 'digital forensic science' is a branch
of forensic science encompassing the recovery, investigation, examination, and
analysis of material found in digital devices, often in relation to mobile
devices and computer crime. The term "digital forensics" was originally used as
a synonym for computer forensics but has expanded to cover the investigation of
all devices capable of storing digital data. This field started growing with
the usage of electronic devices viz. computer, mobile, internet, etc.
Thus, Digital Forensics can be defined as the process of preservation,
identification, extraction, and documentation of sound computer evidence that
can be used by a court of law. It is the science of finding evidence from
digital media like a computer, mobile phone, server, or network. It provides the
forensic team with the best techniques and tools to solve complicated
The concept of Digital Evidence was incepted from the legal process. Electronic
evidence is a component of almost all criminal activities and digital forensics
support is crucial for law enforcement investigations. Electronic evidence can
be collected from a wide array of sources, such as computers, smartphones,
remote storage, unmanned aerial systems, shipborne equipment, and more. The main
goal of digital forensics is to extract data from the electronic evidence,
process it into actionable intelligence and present the findings for
prosecution. All processes utilize forensic techniques to ensure the findings
are admissible in court.
For the identification of the exact source of cybercrime, the very first
requirement is to uniquely identify each device present in the network forensics
protocol that ensures tracking up to the true source of digital evidence by
collecting beforehand forensically sound evidence and the protocol can collect
target data from the device in the form of a device fingerprint.
There are basically five steps involved in this process, first is the
identification, the purpose of the investigation and the resource required for
the same. Experts need to see What, Where and How the data is stored. The second
step is securing and preserving the data. This step includes preventing people
from using the digital device so as to save the device from tempering. The third
step is analyzing, the identification of tools and techniques need to be
identified for processing data and interpreting the results in this
step. However, it might take numerous iterations of examination to support a
specific crime theory.
The fourth step is documentation of the crime scene, a record of all the visible
data must be created. It helps in recreating the crime scene and reviewing it.
It involves proper documentation of the crime scene, sketching, and crime-scene
mapping along with pictures and graphs. The last step is arranging and
presentation of the digital evidence so collected. However, it should be written
in layperson's terms using abstracted terminologies. All abstracted
terminologies should reference specific details.
The varied branches of the field largely explain the distributed nature of
evidence to be collected when a computer/cybercrime is reported or suspected to
have been perpetrated. In evidence law, digital evidence or electronic evidence
is any probative information stored or transmitted in digital form that a party
to a court case may use at trial. To be admissible in the court, a piece of
evidence must be relevant and its probative value must outweigh any prejudicial
Issue/cybercrimes along with their indicative explanation in India
SIM Swap Scam
- Child Pornography/ Child Sexually Abusive Material
Child sexually abusive material (CSAM) refers to material containing the sexual
image in any form, of a child who is abused or sexually exploited. Section 67
(B) of the IT Act states that "it is punishable for publishing or transmitting
of material depicting children in the sexually explicit act, etc. in electronic
- Cyber Bullying
A form of harassment or bullying inflicted through the use of electronic or
communication devices such as computer, mobile phone, laptop, etc.
Cyberstalking is the use of electronic communication by a person to follow a
person, or attempts to contact a person to foster personal interaction
repeatedly despite a clear indication of disinterest by such person; or monitors
the internet, email or any other form of electronic communication commits the
offense of stalking.
- Cyber Grooming
Cyber Grooming is when a person builds an online relationship with a young
person and tricks or pressures him/ her into doing a sexual act.
- Job Fraud
Online Job Fraud is an attempt to defraud people who are in need of employment
by giving them false hope/ promise of better employment with higher wages.
Online Sextortion occurs when someone threatens to distribute private and
sensitive material using an electronic medium if he/ she doesn't provide images
of a sexual nature, sexual favours, or money.
Vishing is an attempt where fraudsters try to seek personal information like
Customer ID, Net Banking password, ATM PIN, OTP, Card expiry date, CVV etc.
through a phone call.
Sexting is an act of sending sexually explicit digital images, videos, text
messages, or emails, usually by cell phone.
Smishing is a type of fraud that uses mobile phone text messages to lure victims
into calling back on a fraudulent phone number, visiting fraudulent websites or
downloading malicious content via phone or web.
SIM Swap Scam occurs when fraudsters manage to get a new SIM card issued against
a registered mobile number fraudulently through the mobile service provider.
With the help of this new SIM card, they get One Time Password (OTP) and alerts,
required for making financial transactions through victim's bank account.
Getting a new SIM card against a registered mobile number fraudulently is known
as SIM Swap.
Credit card (or debit card) fraud
Credit card (or debit card) fraud involves an unauthorized use of another's
credit or debit card information for the purpose of purchases or withdrawing
funds from it.
Impersonation and identity theft
Impersonation and identity theft is an act of fraudulently or dishonestly making
use of the electronic signature, password or any other unique identification
feature of any other person.
Phishing is a type of fraud that involves stealing personal information such as
Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc.
through emails that appear to be from a legitimate source.
Spamming occurs when someone receives an unsolicited commercial messages sent
via email, SMS, MMS and any other similar electronic messaging media. They may
try to persuade recepient to buy a product or service, or visit a website where
he can make purchases; or they may attempt to trick him/ her into divulging bank
account or credit card details.
Ransomware is a type of computer malware that encrypts the files, storage media
on communication devices like desktops, Laptops, Mobile phones etc., holding
data/information as hostage. The victim is asked to pay the demanded ransom to
get his device decrypted.
A computer Virus is a program written to enter to your computer and damage/alter
your files/data and replicate themselves.
Worms are malicious programs that make copies of themselves again and again on
the local drive, network shares, etc.
A Trojan horse is not a virus. It is a destructive program that looks as a
genuine application. Unlike viruses, Trojan horses do not replicate themselves
but they can be just as destructive. Trojans open a backdoor entry to your
computer which gives malicious users/programs access to your system, allowing
confidential and personal information to be theft.
A data breach is an incident in which information is accessed without
Denial of Services (DoS) attack is an attack intended for denying access to
computer resources without the permission of the owner or any other person who
is in charge of a computer, computer system, or computer network. A Distributed
Denial of Service (DDoS) attack is an attempt to make an online service
unavailable by overwhelming it with traffic from multiple sources.
Website Defacement is an attack intended to change the visual appearance of a
website and/ or make it dysfunctional. The attacker may post indecent, hostile,
and obscene images, messages, videos, etc.
Cyber-Squatting is an act of registering, trafficking in or using a domain name
with the intent to profit from the goodwill of a trademark belonging to someone
Pharming is a cyber-attack aiming to redirect a website's traffic to another,
Cryptojacking is the unauthorized use of computing resources to mine
Online Drug Trafficking
Online Drug Trafficking is the crime of selling, transporting, or illegally
importing unlawful controlled substances, such as heroin, cocaine, marijuana, or
other illegal drugs using electronic means.
Espionage is the act or practice of obtaining data and information without the
permission and knowledge of the owner.
Digital Crime and Digital Forensic in India
The bed lock of digital forensics started in the 1840s when Hans Gross
(1847-1915) used scientific studies in a criminal investigation. Later in 1942,
Forensic Bureau Investigation (FBI) in the USA established a forensic laboratory
to provide forensic services to all local authorities. In 1978, after the
first-ever computer crime happened, Florida Computer Crime Act came in to force.
In 1992, the term 'Computer Forensics' was used for the first time in
This helped in the establishment of the International organization
on Computer Evidence (IOCE) in 1995. Computer forensics came to its prominence
in the year 2000 with the foundation of the first Regional computer forensic
laboratory by the FBI. Consequently, the first book on Computer Forensics by the
Scientific Working group on digital evidence (SWGDE), called "Best Practices for
Computer Forensics" was published in the year 2002. In 2010, Simson Garfinkel
incorporated digital evidence in the forensic investigation processes.
As far as
Digital forensics in India is concerned, the evolutionary process has been slow.
In India, there is not even a single codified statute or law which deals with
Computer forensics. The reason can be the fact that technology law is still in
its nascent stage in India. There are no regulations and rules governing digital
forensics, so if someone wants to become a cyber forensic, he has to complete a
certified course on digital forensics after finishing his graduation.
not a single organization that governs the profession of digital forensics in
India. The prime use of digital forensics in India is to deliver justice and
solve complicated cases involving digital complexities. Hence, it becomes very
essential to make a regulatory body that can see if the people in the profession
are actually qualified enough to perform and manage this task. Most of the time,
the court of law has to be dependent upon data and evidence which are gathered
from the investigation of digital media.
The reason for the same is the fact
that most people now have access to the internet which as a result is also
increasing the number of crimes involving digital media. For example, If a woman
is getting blackmailed on a messaging app, then the most effective way of
proving it in court will be to give evidence, which in such cases, most of the
time is in digital forms. The right to privacy is a fundamental right guaranteed
under the constitution of India.
There is a chance of privacy infringement when
the data in electronic forms are provided to forensic science analysts. It is
reasonable to consider that forensic investigators should have the right to
access all the data which can be helpful in tracking down the offender. But most
of the time, the investigator also takes all the confidential information which
is not needed for the case. So, the hazard of exploiting privacy is always there
in the case of a digital forensics investigation.
Analogies can be made to the
controversial Aadhar Card case when UDIAI collected all the information from the
citizens of India on the behalf of the government. In such cases, if an
unauthorized person gets access to the password, username, PIN, or any other
such required information because of the forensic science analyst, then it will
not be difficult for them to maneuver the account and use it for illegal
In India, although the population is from different economic classes, yet the
use of electronic devices is very popular amongst all age groups. The pandemic
of COVID 19 has given rise to the use of e-methods be it education or
work-from-home culture. Be it a child of 3 years or a man of 90 can easily be
seen using a mobile phone, tablet, iPod, and laptop to name a few.
According to National Investment Promotion and Facilitation Agency, India is one
of the largest consumer electronics markets in the Asia Pacific Region and the
world's fastest-growing industry, Electronics System Design, and Manufacturing (ESDM)
continues to transform lives, businesses, and economies across the globe. The
global electronic devices market is estimated at $ 2.9 Tn in 2020. India's share
in the global electronic systems manufacturing industry has grown from 1.3% in
2012 to 3.6% in 2019.
India's exports are set to increase rapidly from $10 Bn in 2021 to $120 Bn in
2026. India's domestic production in electronics has increased from $ 29 Bn in
2014-15 to $ 67 Bn in 2020-21. Production of mobile handsets is further slated
to increase in value from $30 Mn in 2021 to $ 126 Mn in 2026. India produces
roughly 10 mobile phones per second which amounts to $950 worth of production
every second. India's semiconductor market is expected to increase from $15 Bn
in 2020 to $110 Bn in 2030, growing at a CAGR of 22%. Technology transitions
such as the rollout of 5G networks and Internet of Things are driving the
accelerated adoption of electronics products. Initiatives such as 'Digital
India' and 'Smart City' projects have raised the demand for IoT in the
electronics devices market and will undoubtedly usher in a new era for
electronic products. India is expected to have a digital economy of $1 Tn by
With this emerging number of users of electronic devices, emerges crime related
to electronic devices. It creates a big challenge for evidence collection as we
require expertise in the field who are equipped with the latest technology,
legal procedure, and forensics know-how.
India reported 52,974 cases of cybercrime in 2021, an increase of over 5 percent
from 2020 (50,035 cases) and over 15 percent from 2019 (44,735 cases), according
to the latest government data. Over 70 percent of the cybercrime cases were
reported from Telangana, Uttar Pradesh, Karnataka, Maharashtra, and Assam, the
National Crime Records Bureau's (NCRB) 'Crime In India 2021' report showed. The
average rate of cybercrime incidents (per one lakh population) was recorded at
3.9 in the country in 2021, stated the NCRB, which functions under the Ministry
of Home Affairs. The charge-sheeting rate in cybercrime cases in 2021 was
recorded at 33.8, the report showed, suggesting that the police probe was
completed only in one-third of the cases registered across the country.
In India, the point of consideration is the legal and judicial systems and their
functioning which seems to be outmoded. With the rise of cyber-crimes, there is
a need to change the current policies and built a new techno-legal framework to
fight cyber-crime with the use of the latest forensic technologies. Crimes like
email spoofing and Facebook account hacking are very common in India but due to
weak legal implications and poor law enforcement, the criminals are set free to
commit more crimes.
The cyber-crime conviction rate is very low in India,
whereas cyber-crimes have continuously surged in India. Cyber-attacks in India
are done by other countries like the USA, UAE, Pakistan, Nigeria, Saudi Arabia,
etc. Crimes like email fraud, phishing, credit/debit card fraud, viruses,
identity theft, etc. are very prevalent in India. There is a need of having
strong cyber law monitoring and stringent cyber security. However, this can be
achieved only if there is a decent digital infrastructure available with the
Types of Digital Forensics
Some types of digital forensics are as follows:Disk Forensics:
It deals with extracting data from storage media by searching active, modified,
or deleted files.
It is a sub-branch of digital forensics. It is related to monitoring and
analysis of computer network traffic to collect important information and legal
It is a division of network forensics. The main aim of wireless forensics is to
offer the tools need to collect and analyze the data from wireless network
It is a branch of digital forensics relating to the study and examination of
databases and their related metadata.
This branch deals with the identification of malicious code, to study their
payload, viruses, worms, etc.
Deals with recovery and analysis of emails, including deleted emails, calendars,
It deals with collecting data from system memory (System Registers, Cache, RAM)
in raw form and then carving the data from the Raw dump.
Mobile Phone Forensics:
It mainly deals with the examination and analysis of mobile devices. It helps to
retrieve phone and SIM contacts, call logs, incoming, and outgoing SMS/MMS,
Audio, videos, etc.
Indian Government Initiatives
Information Technology Act 2000 (Amended 2008)
The Information Technology (IT) Act of 2000 was passed in the budget session of
parliament and endorsed by President K.R. Narayanan in 2000. The IT Act, 2000
spreads across 13 chapters and 4 schedules (2 of which have been omitted). The
act provides legal recognition of authenticating electronic records by digital
and electronic signatures. It lays down provisions for e-governance and
e-records. It provides procedures to secure electronic signatures. It then goes
on to mention the penalties, compensation, and the kind of adjudicating system
that will be followed if any discrepancy arises under this act. The act further
lays down the provisions of constituting an appellate tribunal and the kinds of
offenses that this act has the authority to look into.
The Information Technology Act, of 2000, serves as a useful illustration of the
dearth of dynamism in digital rule-making in India. Though it forms the
legislative bedrock of the country's online edifice, it has only been
significantly amended once in 2008
In 2008, augmentations extended the meaning of "specialized gadgets" to
incorporate cell phones and to reflect current use; validate electronic
signatures and contracts; making the owner of a given IP address responsible for
content accessed or distributed through it. Punishments range from detainment
for a term that may extend to three years and a fine. Offenses that happen in a
corporate setting can bring about additional managerial punishments and
regulatory observations that can demonstrate difficulty in working together.
To summarise, the new Indian IT Act attempts to catch a few viewpoints managing
individual information protection, Blackhat hacking, and digital illegal
intimidation. Be that as it may, a solid and directed execution instrument is
needed to moderate the prospects of the Act's abuse. It applies to organizations
that work together in India. This incorporates substances, enrolled in India,
re-appropriate there, and keeping up with servers inside the nation's lines. The
demonstration covers activity of any kind including web trades and electronic
records. It is said that the Information Technology Act, of 2000 has been
adequately able to handle the challenges which are posed by the rapidly changing
internet and information.
Over the last few years, India has emerged as a leading innovator when it comes
to technological advancements and a primary market in the digital space.
At the same time, there had been raging concerns on aspects relating to data
security and safeguarding the privacy of 130 crore Indians, such concerns also
pose a threat to the sovereignty and security of our country. The Ministry of
Information Technology received many complaints from various sources including
several reports about the misuse of some mobile apps available on Android and
iOS platforms for stealing and surreptitiously transmitting users' data in an
unauthorized manner to servers that have locations outside India. The
compilation of these data, it's mining, and profiling by elements hostile to the
national security and defense of India, which ultimately impinges upon the
sovereignty and integrity of India, is a matter of very deep and immediate
concern which requires emergency measures.
The Indian Cyber Crime Coordination Centre, Ministry of Home Affairs sent an
exhaustive recommendation for blocking these malicious apps. The Computer
Emergency Response Team (CERT-IN) has received many representations from
citizens regarding the security of data and breach of privacy impacting public
Likewise, there have been similar bipartisan concerns, flagged by
various public representatives, both outside and inside the Parliament of India.
There has been a strong chorus in the public space to take strict action against
Apps that harm India's sovereignty as well as the privacy of our citizens. On
the basis of these and upon receiving credible inputs that such Apps pose threat
to the sovereignty and integrity of India, the Government of India disallowed
the usage of 59 Apps, used in both mobile and non-mobile Internet-enabled
This move safeguarded the interests of crores of Indian mobile and internet
users. This decision was a targeted move to ensure the safety and sovereignty of
National Cyber Crime Reporting Portal
This portal is an initiative of the Government of India to facilitate
victims/complainants to report cybercrime complaints online. This portal caters
to complaints pertaining to cyber crimes only with a special focus on cyber
crimes against women and children. Complaints reported on this portal are dealt
with by law enforcement agencies/ police based on the information available in
the complaints. It is imperative to provide correct and accurate details while
filing the complaint for prompt action. A person can also contact local police
in case of an emergency or for reporting crimes other than cyber crimes. The
national police helpline number is 112 and the national women's helpline number
is 181 while Cyber Crime Helpline is 1930.
Government of India Ministry of Electronics and IT to promote e-Governance for
empowering citizens, promoting the inclusive and sustainable growth of the
Electronics, IT & ITeS industries, enhancing India's role in Internet
Governance, adopting a multipronged approach that includes the development of
human resources, promoting R&D and innovation, enhancing efficiency through
digital services and ensuring secure cyberspace has taken following initiatives:
- e-Government: Providing e-infrastructure for the delivery of e-services
- e-Industry: Promotion of electronics hardware manufacturing and IT-ITeS industry
- e-Innovation / R&D: Implementation of R&D Framework - Enabling creation of Innovation/ R&D Infrastructure in emerging areas of ICT&E/Establishment of mechanism for R&D translation
- e-Learning: Providing support for the development of e-Skills and Knowledge network
- e-Security: Securing India's cyberspace
- e-Inclusion: Promoting the use of ICT for more inclusive growth
- Internet Governance: Enhancing India's role in Global Platforms of Internet Governance.
The Ministry of Electronics and Information Technology (MeitY) has notified the
Information Technology (Intermediary Guidelines and Digital Media Ethics Code)
Rules,2021 (referred to as "IT Rules, 2021") on 25th February 2021. The goals of
these rules are to ensure an Open, Safe & Trusted, and Accountable Internet for
all Indian Internet Users and Digital Nagriks. These rules have succeeded in
creating a new sense of accountability amongst Intermediaries to their users,
especially within Big Tech platforms.
However, as the digital ecosystem and connected Internet users in India expand,
so do the challenges and problems faced by them, as well as some of the
infirmities and gaps that exist in the current rule vis-a-vis the Big Tech
platform. Therefore. New amendments have been proposed to the IT Rules 2021, to
address these challenges and gaps.
As a part of the pre-legislative consultation
process, a copy of the aforesaid draft amendment to the IT Rules 2021 has been
uploaded on the website of the Ministry of Electronics and Information
Technology (www.meity.gov.in) for public feedback and input. These are being
offered for public consultation and comments from all stakeholders inviting
feedback on the draft amendment to the IT (Intermediary Guidelines and Digital
Media Ethics Code) Rules, 2021 relating to due diligence by an intermediary
under rule 3(1)(b)(v).
Digital Forensics and International Laws
Since 2000, in response to the need for standardization, various bodies, and
agencies have published guidelines for digital forensics. The Scientific Working
Group on Digital Evidence (SWGDE) produced a 2002 paper, Best practices for
Computer Forensics, this was followed, in 2005, by the publication of an ISO
standard (ISO 17025, General requirements for the competence of testing and
A European-led international treaty, the Convention
on Cybercrime, came into force in 2004 with the aim of reconciling national
computer crime laws, investigative techniques, and international cooperation The
treaty has been signed by 43 nations (including the US, Canada, Japan, South
Africa, UK, and other European nations) and ratified by 16. The issue of
training also received attention. Commercial companies (often forensic software
developers) began to offer certification programs, and digital forensic analysis
was included as a topic at the UK specialist investigator training facility,
In the late 1990s, mobile devices became more widely available, advancing beyond
simple communication devices, and were found to be rich forms of information,
even for crime not traditionally associated with digital forensics. Despite
this, digital analysis of phones has lagged behind traditional computer media,
largely due to problems over the proprietary nature of devices. Focus has also
shifted to internet crime, particularly the risk of cyber warfare and
A February 2010 report by the United States Joint Forces Command concluded the
following: Through cyberspace, enemies will target industry, academia,
government, as well as the military in the air, land, maritime, and space
domains. In much the same way that airpower transformed the battlefield of World
War II, cyberspace has fractured the physical barriers that shield a nation from
attacks on its commerce and communication.
The field of digital forensics still
faces unresolved issues. A 2009 paper, "Digital Forensic Research: The Good, the
Bad and the Unaddressed" by Peterson and Shenoi, identified a bias towards
Windows operating systems in digital forensics research. In 2010, Simson
Garfinkel identified issues facing digital investigations in the future,
including the increasing size of digital media, the wide availability of
encryption to consumers, a growing variety of operating systems and file
formats, an increasing number of individuals owning multiple devices, and legal
limitations on investigators. The paper also identified continued training
issues, as well as the prohibitively high cost of entering the field.
Forensic backlogs are an increasing concern for many law enforcement agencies.
Agencies must shift from simply collecting digital evidence to effectively
analyzing the digital evidence collected. Media analysis is time-intensive and
requires training to ensure that all pieces of evidentiary value are identified
Another problem is that the sheer volume of data or evidence files collected
makes it difficult for agencies to keep up with the output. For example, a
single cyber-crime investigation can result in hundreds of gigabytes of data,
which can be captured and preserved, but not analyzed in a timely manner. This
creates a forensic backlog that affects the lives of victims, is costly to the
agency, and can hinder the prosecution's case against the offender. The solution
is to utilize automated media exploitation tools that can process large volumes
of data in a timely manner without requiring extensive expertise.
As a law enforcement officer, the forensic backlog problem can be a significant
challenge. With the right approach and technology, it's possible to reduce your
backlog and improve the overall efficiency of your forensic processes. In this
article, we look at key strategies that can be used to reduce forensic backlogs
and allow law enforcement to make the best use of their resources.
One key strategy that can be used to reduce forensic backlogs is by adopting an
evidence-based approach to decision-making. This means that when considering
which cases to prioritize, you should base your decisions on the evidence
available. By doing this, you can ensure that you are focusing your efforts on
the cases that are most likely to result in a conviction.
Another strategy that can be used to reduce forensic backlogs is by investing in
technology. For example, you may want to consider investing in a digital
evidence management system. This type of system can help you to streamline your
evidence-gathering and processing, which can save you time in the long run.
Finally, it's also important to focus on training and education. By ensuring
that your staff is properly trained in the latest forensic techniques, you can
make sure that they can work efficiently and effectively. This can ultimately
save you time and money, and help to reduce your forensic backlogs.
By following these key strategies, you can make a significant impact on your
forensic backlogs. By taking an evidence-based approach, investing in
technology, and focusing on training and education, you can help to streamline
your processes and save time and resources.
Shreya Singhal Vs UOI In the instant case, the validity of Section 66A of the IT Act was challenged
before the Supreme Court.
Facts: Two women were arrested under Section 66A of the IT Act after they posted
allegedly offensive and objectionable comments on Facebook concerning the
complete shutdown of Mumbai after the demise of a political leader. Section 66A
of the IT Act provides punishment if any person using a computer resource or
communication, such information which is offensive, false, or causes annoyance,
inconvenience, danger, insult, hatred, injury, or ill will.
The women, in response to the arrest, filed a petition challenging the
constitutionality of Section 66A of the IT Act on the ground that it is
violative of the freedom of speech and expression.
Decision: The Supreme Court based its decision on three concepts namely:
discussion, advocacy, and incitement. It observed that mere discussion or even
advocacy of a cause, no matter how unpopular, is at the heart of the freedom of
speech and expression. It was found that Section 66A was capable of restricting
all forms of communication and it contained no distinction between mere advocacy
or discussion on a particular cause which is offensive to some and incitement by
such words leading to a causal connection to public disorder, security, health,
and so on.
In response to the question of whether Section 66A attempts to protect
individuals from defamation, the Court said that Section 66A condemns offensive
statements that may be annoying to an individual but not affecting his
However, the Court also noted that Section 66A of the IT Act is not violative of
Article 14 of the Indian Constitution because there existed an intelligible
difference between information communicated through the internet and through
other forms of speech. Also, the Apex Court did not even address the challenge
of procedural unreasonableness because it is unconstitutional on substantive
Shamsher Singh Verma v. State of HaryanaIn this case, the accused preferred an appeal before the Supreme Court after the
High Court rejected the application of the accused to exhibit the Compact Disc
filed in defense and to get it proved from the Forensic Science Laboratory.
The Supreme Court held that a Compact Disc is also a document. It further
observed that it is not necessary to obtain admission or denial concerning a
document under Section 294 (1) of CrPC personally from the accused, the
complainant, or the witness.
Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. Facts: The subscriber purchased a Reliance handset and Reliance mobile services
together under the Dhirubhai Ambani Pioneer Scheme. The subscriber was attracted
by better tariff plans of other service providers and hence, wanted to shift to
other service providers. The petitioners (staff members of TATA Indicom) hacked
the Electronic Serial Number (hereinafter referred to as "ESN"). The Mobile
Identification Number (MIN) of Reliance handsets were irreversibly integrated
with ESN, programming of ESN made the device would be validated by
Petitioner's service provider and not by Reliance Infocomm.
Questions before the Court:
- Whether a telephone handset is a "Computer" under Section 2(1)(i) of the
- Whether manipulation of ESN programmed into a mobile handset amounts to an
alteration of source code under Section 65 of the IT Act?
(i) Section 2(1)(i) of the IT Act provides that a "computer" means any
electronic, magnetic, optical, or other high-speed data processing device or
system which performs logical, arithmetic, and memory functions by manipulations
of electronic, magnetic, or optical impulses, and includes all input, output,
processing, storage, computer software or communication facilities which are
connected or related to the computer in a computer system or computer network.
Hence, a telephone handset is covered under the ambit of "computer" as defined
under Section 2(1)(i) of the IT Act.
(ii) Alteration of ESN makes exclusively used handsets usable by other service
providers like TATA Indicomm. Therefore, alteration of ESN is an offence under
Section 65 of the IT Act because every service provider has to maintain its own
SID code and give its customers a specific number to each instrument used to
avail the services provided. Therefore, the offence registered against the
petitioners cannot be quashed with regard to Section 65 of the IT Act.
- Shankar v. State Rep
Facts: The petitioner approached the Court under Section 482, CrPC to quash the
charge sheet filed against him. The petitioner secured unauthorized access to
the protected system of the Legal Advisor of the Directorate of Vigilance and
Anti-Corruption (DVAC) and was charged under Sections 66, 70, and 72 of the IT
Decision: The Court observed that the charge sheet filed against the petitioner
cannot be quashed with respect to the law concerning the non-granting of
sanction of prosecution under Section 72 of the IT Act.
Christian Louboutin SAS v. Nakul Bajaj & Ors.Facts: The Complainant, a Luxury shoes manufacturer filed a suit seeking an
injunction against an e-commerce portal www.darveys.com for indulging in a
Trademark violation with the seller of spurious goods.
The question before the Court was whether the defendant's use of the plaintiff's
mark, logos, and image are protected under Section 79 of the IT Act.
Decision: The Court observed that the defendant is more than an intermediary on
the ground that the website has full control over the products being sold via
its platform. It first identifies and then promotes third parties to sell their
products. The Court further said that active participation by an e-commerce
platform would exempt it from the rights provided to intermediaries under
Section 79 of the IT Act.
Avnish Bajaj v. State (NCT) of DelhiFacts: Avnish Bajaj, the CEO of Bazee.com was arrested under Section 67 of the
IT Act for the broadcasting of cyber pornography. Someone else had sold copies
of a CD containing pornographic material through the bazee.com website.
Decision: The Court noted that Mr. Bajaj was nowhere involved in the
broadcasting of pornographic material. Also, the pornographic material could not
be viewed on the Bazee.com website. But Bazee.com receives a commission from the
sales and earns revenue for advertisements carried on via its web pages.
The Court further observed that the evidence collected indicates that the
offence of cyber pornography cannot be attributed to Bazee.com but to some other
person. The Court granted bail to Mr. Bajaj subject to the furnishing of 2
sureties Rs. 1 lakh each. However, the burden lies on the accused that he was
merely the service provider and does not provide content.
State of Tamil Nadu v. Suhas KattiThe instant case is a landmark case in the Cyber Law regime for its efficient
handling made the conviction possible within 7 months from the date of filing
Facts: The accused was a family friend of the victim and wanted to marry her but
she married another man which resulted in a Divorce. After her divorce, the
accused persuaded her again and on her reluctance to marrying him, he took the
course of harassment through the Internet. The accused opened a false e-mail
account in the name of the victim and posted defamatory, obscene, and annoying
information about the victim.
A charge-sheet was filed against the accused person under Section 67 of the IT
Act and Section 469 and 509 of the Indian Penal Code, 1860.
Decision: The Additional Chief Metropolitan Magistrate, Egmore convicted the
accused person under Section 469 and 509 of the Indian Penal Code, 1860 and
Section 67 of the IT Act. The accused was subjected to the Rigorous Imprisonment
of 2 years along with a fine of Rs. 500 under Section 469 of the IPC, Simple
Imprisonment of 1 year along with a fine of Rs. 500 under Section 509 of the IPC,
and Rigorous Imprisonment of 2 years along with a fine of Rs. 4,000 under
Section 67 of the IT Act.
CBI v. Arif Azim (Sony Sambandh case)A website called www.sony-sambandh.com enabled NRIs to send Sony products to
their Indian friends and relatives after online payment for the same.
In May 2002, someone logged into the website under the name of Barbara Campa and
ordered a Sony Colour TV set along with a cordless telephone for one Arif Azim
in Noida. She paid through her credit card and the said order was delivered to
Arif Azim. However, the credit card agency informed the company that it was an
unauthorized payment as the real owner denied any such purchase.
A complaint was therefore lodged with CBI and further, a case under Sections
418, 419, and 420 of the Indian Penal Code, 1860 was registered. The
investigations concluded that Arif Azim while working at a call center in Noida,
got access to the credit card details of Barbara Campa which he misused.
The Court convicted Arif Azim but being a young boy and a first-time convict,
the Court's approach was lenient towards him. The Court released the convicted
person on probation for 1 year. This was one among the landmark cases of Cyber
Law because it displayed that the Indian Penal Code, 1860 can be an effective
legislation to rely on when the IT Act is not exhaustive.
Pune Citibank Mphasis Call Center FraudFacts: In 2005, US $ 3,50,000 were dishonestly transferred from the Citibank
accounts of four US customers through the internet to few bogus accounts. The
employees gained the confidence of the customer and obtained their PINs under
the impression that they would be a helping hand to those customers to deal with
difficult situations. They were not decoding encrypted software or breathing
through firewalls, instead, they identified loopholes in the MphasiS system.
Decision: The Court observed that the accused in this case are the ex-employees
of the MphasiS call center. The employees there are checked whenever they enter
or exit. Therefore, it is clear that the employees must have memorized the
numbers. The service that was used to transfer the funds was SWIFT i.e. society
for worldwide interbank financial telecommunication. The crime was committed
using unauthorized access to the electronic accounts of the customers. Therefore
this case falls within the domain of 'cyber crimes". The IT Act is broad enough
to accommodate these aspects of crimes and any offense under the IPC with the
use of electronic documents can be put at the same level as the crimes with
The court held that section 43(a) of the IT Act, 2000 is applicable because of
the presence of the nature of unauthorized access that is involved to commit
transactions. The accused were also charged under section 66 of the IT Act, 2000
and section 420 i.e. cheating, 465,467 and 471 of The Indian Penal Code, 1860.
SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh KwatraFacts: In this case, Defendant Jogesh Kwatra was an employee of the plaintiff's
company. He started sending derogatory, defamatory, vulgar, abusive, and filthy
emails to his employers and to different subsidiaries of the said company all
over the world to defame the company and its Managing Director Mr. R K Malhotra.
In the investigations, it was found that the email originated from a Cyber Cafe
in New Delhi. The Cybercaf� attendant identified the defendant during the
enquiry. On 11 May 2011, Defendant was terminated of the services by the
Decision: The plaintiffs are not entitled to relief of perpetual injunction as
prayed because the court did not qualify as certified evidence under section 65B
of the Indian Evidence Act. Due to the absence of direct evidence that it was
the defendant who was sending these emails, the court was not in a position to
accept even the strongest evidence. The court also restrained the defendant from
publishing, transmitting any information in the Cyberspace which is derogatory
or abusive of the plaintiffs.
Nasscom vs. Ajay Sood & OthersIn a landmark judgment in the case of National Association of Software and
Service Companies vs Ajay Sood & Others, delivered in March, '05, the Delhi High
Court declared 'phishing' on the internet to be an illegal act, entailing an
injunction and recovery of damages.
Elaborating on the concept of 'phishing', in order to lay down a precedent in
India, the court stated that it is a form of internet fraud where a person
pretends to be a legitimate association, such as a bank or an insurance company
in order to extract personal data from a customer such as access codes,
passwords, etc. Personal data so collected by misrepresenting the identity of
the legitimate party is commonly used for the collecting party's advantage.
court also stated, by way of an example, that typical phishing scams involve
persons who pretend to represent online banks and siphon cash from e-banking
accounts after conning consumers into handing over confidential banking details.
The Delhi HC stated that even though there is no specific legislation in India
to penalize phishing, it held phishing to be an illegal act by defining it under
Indian law as "a misrepresentation made in the course of trade leading to
confusion as to the source and origin of the e-mail causing immense harm not
only to the consumer but even to the person whose name, identity or password is
misused." The court held the act of phishing as passing off and tarnishing the
The plaintiff in this case was the National Association of Software and Service
Companies (Nasscom), India's premier software association.The defendants were
operating a placement agency involved in head-hunting and recruitment. In order
to obtain personal data, which they could use for purposes of headhunting, the
defendants composed and sent e-mails to third parties in the name of Nasscom.
The high court recognised the trademark rights of the plaintiff and passed an
ex-parte adinterim injunction restraining the defendants from using the trade
name or any other name deceptively similar to Nasscom. The court further
restrained the defendants from holding themselves out as being associates or a
part of Nasscom.
The court appointed a commission to conduct a search at the defendants'
premises. Two hard disks of the computers from which the fraudulent e-mails were
sent by the defendants to various parties were taken into custody by the local
commissioner appointed by the court. The offending e-mails were then downloaded
from the hard disks and presented as evidence in court.
During the progress of the case, it became clear that the defendants in whose
names the offending e-mails were sent were fictitious identities created by an
employee on the defendants' instructions, to avoid recognition and legal action.
On discovery of this fraudulent act, the fictitious names were deleted from the
array of parties as defendants in the case.
Subsequently, the defendants admitted their illegal acts and the parties settled
the matter through the recording of a compromise in the suit proceedings.
According to the terms of the compromise, the defendants agreed to pay a sum of
Rs1.6 million to the plaintiff as damages for violation of the plaintiff's
trademark rights. The court also ordered the hard disks seized from the
defendant's premises to be handed over to the plaintiff who would be the owner
of the hard disks.
This case achieves clear milestones: It brings the act of "phishing" into
the ambit of Indian laws even in the absence of specific legislation; It
clears the misconception that there is no "damages culture" in India for
violation of IP rights; This case reaffirms IP owners' faith in the India
Challenges faced by Digital Forensics Following are the major challenges faced by the Digital Forensic:
Some Examples of Uses of Digital Forensics
- The increase of electronic devices and extensive use of internet access
- Easy availability of hacking tools
- Lack of physical evidence makes prosecution difficult.
- The large amount of storage space into Terabytes that makes this
investigation job difficult.
- Any technological changes require an upgrade or changes to solutions.
In recent times, commercial organizations have used digital forensics in the
following a type of cases:
- Intellectual Property Theft
- Industrial espionage
- Employment disputes
- Fraud investigations
- Inappropriate use of the Internet and email in the workplace
- Forgeries related matters
- Bankruptcy investigations
- Issues concern with the regulatory compliance
Advantages of Digital forensics Some benefits of Digital forensics are:
Disadvantages of Digital Forensics
The major drawbacks of using Digital Forensic:
- To ensure the integrity of the computer system.
- To produce evidence in the court, which can lead to the punishment of the culprit.
- It helps companies to capture important information if their computer systems or networks are compromised.
- Efficiently tracks down cybercriminals from anywhere in the world.
- Helps to protect the organization's money and valuable time.
- Allows to extract, process, and interpretation of factual evidence, so it proves the cybercriminal actions in the court.
- Digital evidence accepted into court. However, it must be proved that there is no tampering
- Producing electronic records and storing them is an extremely costly affair
- Legal practitioners must have extensive computer knowledge
- Need to produce authentic and convincing evidence
- If the tool used for digital forensics is not according to specified standards, then in the court of law, the evidence can be disapproved by justice.
- Lack of technical knowledge by the investigating officer might not offer the desired result
A standardized and harmonized framework or solution that comprehensively
captures thetechno-legal requirements of Digital Forensic is an indispensable
tool for computer/cyber crime investigators and digital forensics experts to
handle and/or otherwise process distributed digital evidence expeditiously for
admissibility in the law courts.
There is, first of all, the need to streamline existing laws and implement
technical and legal requirements for evidence admissibility. Standard procedures
that are coherent and ensure harmony between lawyers, judges, forensic experts,
law enforcement agencies, corporations, individuals, and the court must be
adhered to. Secondly, the harmonization of cybercrime investigation and digital
forensics practices across borders is essential for investigations that
oftentimes involve more than one legal jurisdiction. Furthermore, heavy
investments must be made to boost the capacities of the relevant institutions
engaged in both digital evidence gathering and prosecution.
- M Reith, C Carr, G Gunsch, "An examination of digital forensic models". (International Journal of Digital Evidence, 2002) available at https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.9683 (last visited on March 19, 2023)
- Lawrence Williams, "What is Digital Forensics? History, Process, Type Challenges" available at: https://www.guru99.com/digital-forensics.html (last visited on March 19, 2023).
- Interpol, available at https://www.interpol.int/en/How-we-work/Innovation/Digital-forensics#:~:text=Digital%20forensics%20is%20a%20branch,crucial%20for%20law%20enforcement%20investigations (last visited on March 19, 2023).
- Rachana Y. Patil, Satish R. Devane, "Network Forensic Investigation Protocol to Identify
True Origin of Cyber Crime", Journal of King Saud University (Computer and Information
Sciences 2022) available at https://www.sciencedirect.com/science/article/pii/S1319157819311103?via%3Dihub (last visited on March19, 2023)
- Supra note 2.
- Emmanuel Kpakpo Brown, "Digital Forensic and Distributed Evidence"
- Available at: https://cybercrime.gov.in/Webform/CrimeCatDes.aspx last visited on March 20, 2023.
- Available at https://www.legaleagle-lawforum.com/forum/academic-articles/evolution-of-digital-forensics-in-india#:~:text=In%202010%2C%20Simson%20Garfinkel%20incorporated,which%20deals%20with%20Computer%20forensics. Last visited March 20, 2023.
- National Investment Promotion and Facilitation Agency, investindia.gov.in/sector/electronic-systems last visited March 20, 2023.
- Available at: https://telecom.economictimes.indiatimes.com/news/5-pc-rise-in-cybercrimes-in-india-in-2021-charge-sheeting-only-in-one-third-cases-govt-data/93904202 last visited on March 20, 2023.
- Supra Note 7.
- Supra Note 2.
- Available at: https://pib.gov.in/PressReleasePage.aspx?PRID=1635206#:~:text=This%20move%20will%20safeguard%20the,and%20sovereignty%20of%20Indian%20cyberspace. Last visited on March 20, 2023.
- Available at: https://cybercrime.gov.in/ last visited on March 19, 2023.
- Available at: https://www.meity.gov.in/ last visited on March 20, 2023.
- (2013) 12 SCC 73
- 2015 SCC OnLine SC 1242
- 2005 CriLJ 4314
- 2005 CriLJ 4314
- Crl. O.P. No. 6628 of 2010
(2018) 253 DLT 728
- (2008) 150 DLT 769
- CC No. 4680 of 2004
- CM APPL. No. 33474 of 2016
Supra Note 2.
- Supra Note 2.
- Supra Note 2.
- .Supra Note 6.
Supra Note 6.