File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Future Of Digital Forensics In India: An Analysis

Digital Forensics is defined as the process of preservation, identification, extraction, and documen- tation of computer evidence which can be used by the court of law. It is a science of finding evi- dence from digital media like a computer, mobile phone, server, or network. This research paper explores the loopholes in the legal system, its inefficiency to keep up with the growing technology causing cyber crimes and what the future holds. It talks about the inadmissibility of forensic evi- dence in digital format in the courtroom.

How India needs more skilled people in this field, proper institutions to provide them with digital forensic knowledge for the future. Also, the need for prop- er systems and to check the efficiency of such systems. Lack of statutory provisions for crimes. This paper follows a doctrinal methodology referring to various books, articles and papers. Thus, the ju- diciary needs more developed laws and skilled men to take digital forensics to the next level in the coming years.

Introduction To Digital Forensics

Digital forensics is a branch of the forensic sciences which deals with the recovery and investiga- tion of material found in digital devices. It includes investigation of every device capable of storing digital data and has roots in the personal computing revolutions (1970-1980). The discipline emerged completely in the 21st century with the emergence of national policies. It has applications in criminal or civil courts to support or refute a hypothesis. Digital forensics is further divided into several branches - computer, mobile device , network, forensic data analysis and database forensics.

Computer forensics:
This discipline includes computers, embedded systems and static memory. It deals with logs through to actual files on the drive. In 2007 prosecutors used a spreadsheet recovered from the computer of Joseph E. Duncan III to show premeditation and secure the death penalty. Sharon Lopatka's killer was identified in 2006 after email messages from him detailing torture and death fantasies were found on her computer.

Mobile Forensics:
Mobile devices have an inbuilt communication system GSM and proprietary storage mecha- nisms. Investigations focus on call data and communications, location information wither from inbuilt gps or via cell site logs. SMS data from a mobile device investigation helped to exonerate Patrick Lumumba in the murder of Meredith Kercher.

Network forensics:
It is concerned with monitoring and analysis of computer network traffic for the purposes of in- formation gathering, evidence collection, or intrusion detection.

Forensic data analysis:
It examines structured data with the aim to discover and analyse patterns of fraudulent activities resulting from financial crime.

Database forensics:
forensic study of databases and their metadata. Investigations use database contents, log files and in-RAM data to build a timeline or recover relevant information.

Legal considerations:
the law of evidence and that of information technology has made the legal domain at par with the contemporary challenges of the cyber space. Since every law has to have an enforcement mecha- nism, it becomes pertinent to understand it as well. In that case , understanding the effect and the nature of the computer-related crime becomes relevant, i.e., whether the computer is used as a means/target for conducting any illegal activity with a dishonest and fraudulent intention under Section 66 of the Information Technology (Amendment) Act, 2008.For an act to be investigated as a cyber-crime under Section 66 of the Information Technology (Amendment) Act, 2008, it has to be an act as defined under Section 43 of the Act coupled with dishonest and fraudulent intentions ac- cording to Section 24 and 25 of the Indian Penal Code.7

Cyber Forensic Laws And It's Need To Develop For The Future In India

Forensic science is a comparatively new field and cyber forensics is even newer. There are different fields of cyber forensics and every field in itself is very difficult to practice. Nevertheless, significance of cyber forensics cannot be undermined especially in contemporary times of space laws, artificial intelligence and Internet of Things (IoT)

India has launched projects like National E-Governance Plan (NeGP), Digital India, etc that are technology driven. From simple cases of broadband theft to sophisticated cases of satellite hacking, cyber forensics is going to play a major role. Of course, India is a beginner in this field so we must start with basics of cyber forensics.

Even for basic application of cyber forensics principles, we find law enforcement agencies, public prosecutors and judges struggling. The entire case against a cyber criminal is jeopardised the mo- ment a faulty police investigation is started. We have police officers and intelligence officers in In- dia who have wonderful investigation capabilities. However, not all of them can apply these inves- tigation technologies in cyberspace.8

We have two acts, i.e., the law of evidence and that of information technology; It is important to understand that, for an act to be investigated as a cyber-crime under Section 66 of the Information Technology (Amendment) Act, 2008, it has to be an act as defined under Section 43 of the Act cou- pled with dishonest and fraudulent intentions according to Section 24 and 25 of the Indian Penal Code. If the act falls short of the above criteria, then it falls under the jurisdiction of the Adjudicat- ing Officer and becomes an offence only, and will not be investigated as a cybercrime.

Admissibility Of Forensic Evidence In Digital Format In A Legal Court In India

The definition of evidence as given in the Indian Evidence Act, 1872 covers a) the evidence of wit- ness i.e. oral evidence, and b) documentary evidence which includes electronic record produced for the inspection of the court.8 Section 3 of the Act was amended and the phrase �All documents produced for the inspection of the Court� was substituted by �All documents including electronic records produced for the inspection of the Court�.9

Regarding the documentary evidence, in Section 59, for the words �Content of documents� the words �Content of documents or electronic records� have been substituted and Section 65A & 65B were inserted to incorporate the admissibility of electronic evidence. Traditionally, the fundamental rule of evidence is that direct oral evidence may be adduced to prove all facts, except documents.

The hearsay rule suggests that any oral evidence that is not direct cannot be relied upon unless it is saved by one of the exceptions as outlined in sections 59 and 60 of the Evidence Act dealing with the hearsay rule. However, the hearsay rule10 is not as restrictive or as straightforward in the case of documents as it is in the case of oral evidence. This is because it is settled law that oral evidence cannot prove the contents of a document, and the document speaks for itself.

Therefore, where a document is absent, oral evidence cannot be given as to the accuracy of the document, and it cannot be compared with the contents of the document. This is because it would disturb the hearsay rule (since the document is absent, the truth or accuracy of the oral evidence cannot be compared to the document). In order to prove the contents of a document, either primary or secondary evidence must be offered.9

Efficiency Of Cyber Forensic Tools For Examining Evidence In India

The tools of cyber forensic investigation are X- Ways WinHex, First on Scene, Rifiuti, Pasco, Galleta/Cookie, Forensic Acquisition Utilities, NMap, Ethereal, BinText, Encrypted disk detector, MemGator. Rifiuti is a tool which helps in finding the last details of a system's recycle bin. It helps in collecting all the deleted and undeleted files. Pasco is a Latin word meaning �browse�.

Pasco helps in the analysis of the contents of what all browsing has been done from ones computer. In short it is particularly useful in gathering records of internet activities carried out from a targeted computer. There is one another technique used for cyber forensic not particularly falling under the ambit of the tools used is, Miscellaneous Steganography Tools. It is basically a technique where data or a text file is converted and then embedded into an im- age file in order to deceive others. There are some tools how- ever that help in detecting such injections.

Hackers and malicious users are coming up with such ideas to inject data files into not just as image files but also as music and video files. At times individuals try to hide their incriminating information by renaming a file of a particular type to another type by changing its extension. By doing so, it makes it difficult for one to determine the correct type of the file. In order to flag such suspicious file Encase is used; by running hash (#) functioning to the hard drive will interpret file headers and mark them as containing incorrect header information.

In order to make these information / evidence admissible in the court of law, it is very essential to create an exact image of the information. And for this the specialists work very hard, with all patients and accuracy , with all confidentiality that no one should know on what they are working on, and with all dedication in order to collect vital information which can be produces ad a concrete evidence before the court.

Once the information and all evidences are gathered, a com- piled report is made by the specialists that can be produced before the courts. As these people are expertise and have special training re- garding use of such complex tools and techniques they can also testify before the court regarding the matter they are working on.

Now a days, angry employees with malicious intention have assaulted many e-commerce website, such as viruses, wire- tapping and financial frauds in various governmental of in- dependent firms and companies. This e-commerce attaching causes various financial hardships to the companies. This has been observed as a common trait among the individuals who have been fired or have been insulted by the head departments, independent of hackers and such cyber criminals.

No matter how- ever effective any technology or system may be. There always has been a drawback to the same. Similarly, preserving data or information for the purpose of serving as an evidence is beneficial to the court but on the other hand there may be certain technical and human barriers to such gathering of the information.

Some of the limitations are as follows:
  1. Some facilities which are there within the browsers for the purpose of saving the WWW pages to disk are not perfect because it may save the texts but not the related images
  2. There might be difference between what is there on the screen which can be seen and what is saved on the disk
  3. The method which has been used to save a particular file might not carry individual labelling regarding when and where it was obtained. Such files can be easily forged or modified
  4. times it becomes difficult for the system to locate the page which was acquired at last. If the en- tire series is examined it becomes even difficult to point which one was later and which was earlier. 5.Many ISPs use proxy servers in order to speed up their de- livery of pages which are popular on web. Hence, the user might not be sure of what he has received from that particular website by his ISP.
  5. Common mistakes like altering of the date and time stamps, killing of rouge processes, patching system before investigation etc lead to loose of data from the disk resulting in crash- ing of the e- files and evidences stored on the computer.10

New technologies are helping the engineers to develop and create more robust hardware and soft- ware to investigate with respect to computer related crime.The advancement of encryption is one Discussing Foreign Cyber Forensics System With Their Indian Counterpart

India has tried to address the challenges that its security agencies are faced with in the areas of law and order and terrorism in a variety of ways. In 2011, a petition was filed by Yahoo! India Pvt Ltd. against the Union of India in the Delhi High Court.93

The petition records repeated demands for access to IP addresses and email content by the government, citing demands from the Intelligence Bureau (IB),94 India's premier internal intelligence organisation. The petition records how the IB sought this data under section 28 of the Information Technology Act 2000, through the offices of the Controller of Certifying Authority (CCA) under the Department of Information Technology, Government of India. Instances such as those detailed above have also sharpened India's approach favouring a multilateral approach to cybersecurity at the global level.

In fact, for New Delhi, building a broad global coalition on security issues, both from an approach and treaty perspective, has been the corner stone of its foreign policy, especially when it impinges on its global security concerns, for almost two decades now. Thus, in September 1997, India became one of the early signatories to the International Convention for Suppression of Terrorist Bombings.95 A year earlier, India had tabled a draft Comprehensive Convention on Terrorism, which it revised and resubmitted during the 55th UN General Assembly in 200096 and it has continued to press for it over the years.97

It is against this background then, that Minister Prasad's insistence, highlighted in the introduction to this paper, that security-related issues would continue to see a dominant role by the State as far as India is concerned, has to be understood. Mr. Prasad made this amply clear in the same message in which he announced India's change in policy to embrace multi stakeholder approaches to Internet governance.98 Security concerns have resulted in India grappling to have a greater say in the Inter- net governance space in the belief that it will have a more forceful voice using the multilateral approach.

In many cases, those concerns are centred around issues of online jurisdiction. For instance, if an online crime were to occur beyond India's territorial boundaries, but the evidence was present in servers in India, would the laws of other nations be applicable here? This is also complicated by the fact that Indian security officials frequently complain that getting data under the Mutual Legal Assistance Treaty (MLAT) has been a huge challenge. These issues are a recurring theme and a ma- jor reason for India's opposition to the Council of Europe's Convention on Cybercrime, better known as the Budapest Convention.

The Budapest Convention came into being on November 23, 2001 as a first multilateral effort by member signatories to address jurisdictional issues. Intended to create a 'common criminal policy aimed at the protection of society against cybercrime',99 the convention also set the gold standard for cybersecurity confidentiality, integrity and availability (CIA) of computer systems. For India, the agreement, though beneficial at many levels, was, how- ever, unacceptable. Taking a cue from Russia that the Convention was fatally flawed and could jeopardise issues of sovereignty,100 India along with China and Brazil argued that a treaty negotiat- ed by Europeans for themselves was clearly unacceptable to their aspirations and sovereignty.

While India generally opposes treaties that it has not been party to during the negotiation on the clauses, it was particularly opposed to the implications of clause 32 (b) of the Convention, which it deemed to be discriminatory. The clause refers to 'trans-border access to stored computer data with consent or where publicly available' and specifically states that a Party may, without the authorisation of an- other Party, 'access or receive, through a computer system in its territory, stored computer data lo- cated in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system'.11

While echoing the worry that most servers are situated in the US as a reason for India's decision to not sign the convention,102 India instead has consistently sought US involvement in pushing for establishing a root server in India103 in the belief that it will give it much greater say and control over the Internet.104 India has also tried to find redressal for its concerns by submitting a proposal in 2014 in the United Nations' International Telecommunications Union (ITU) to develop a 'public telecom network architecture that keeps traffic originating and terminating in the country/region and meant for the country/region, as well as address resolution relating to such traffic' local.105

In this same draft resolution, India also requested the ITU Secretary-General to 'work with all other stakeholders, including international organizations, to make changes so that it is possible to discern the country location of a particular IP address'.106 The proposal, despite being presented twice with modifications, did not find much support.

With the emergence of science and technology, cyber forensics has played a very important role. Moreover with the increase in the cyber crimes like hacking etc, the need of cyber forensics have felt , thus various tools and techniques have been developed for tracing the crime, making the exact report in order to make it admissible in the court of law.

Various industries, corporations and gov- ernmental agencies now a days are keen towards appointing an expert in this field in order to check out cyber malfunctioning done by the employees. Such experts are appointed ti investigate the computer related crimes. After making an investigation, these specialist have to extract and prepare an exact repot of the evidence gathered through various mediums before the authority who asked him to do.

The existing forensic tools play a vital role in the aspect of the recovery. Each tool has its own con- strains and limitations. There is need to make this tools and techniques more advance and enhanced to make computer forensics a full success and legally valid in law.

The future of computer forensics is limitless. With the expansion of technology the field will con- tinue to expand along it its benefits and barriers. Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability. The evidence so collected by the specialist have to be handled and preserved in an appropriate manner, So that they can be produced before the court in its exact manner. Any process or methodology breakdown in implementation of the cyber forensics will ultimately lead to jeopardy of the case.

  • Dr. Anjani Singh Tomar, ' Cyber Forensics in Combating Cyber Crimes' (2014)
  • Cyber Forensics : law and practice in India ( iPleaders, May 17 2014 ) cyber-forensics-law-and-practice-in-india/
  • Cyber Forensic and Admissibility of Evidence, stream/10603/268180/13/13_chapter%207.pdf
  • Cyber Forensics Research Centre Of India (CFRCI) By PTLB accessed 30 September 2020
  • Dubey V. Admissibility of electronic evidence: an Indian perspective. Forensic Res Criminol Int J. 2017;4(2):58-63
  • E. Casey (2004), Digital Evidence and Computer Crime, Second Edition
  • Shrivastava, Gulshan & Sharma, Kavita & Khari, Manju & Zohora, Syeda. (2018). Role of Cyber Security and Cyber Forensics in India.
  • S.L. Garfinkel (2010) , Digital Forensics Research : The next 10 years
  • Saikat Datta, 'Cybersecurity, Internet governance and India's foreign policy: Historical an-tecedents' (2016)
  • Urvashi Sharma Mishra, �Application of Cyber Forensics in Crime Investigation�(2018) Hans Raj Mahila Maha Vidyalaya Research Paper
  • Venkatesh Ganesh, 'India lagging in cyber security awareness' (2018)

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly