Admissibility of Electronic Records (Section 65B of Indian Evidence Act, 1872)

Conditions for admissibility

Section 65B of the Indian Evidence Act, 1872 deals with the admissibility of electronic records as evidence in Indian courts. It is a special provision inserted to address the challenges posed by digital documentation.

To admit electronic records (e.g., emails, call logs, CCTV footage, WhatsApp chats) as evidence, the following conditions must be fulfilled:

• The electronic record must be produced from a computer that was regularly used to store or process information during the relevant period.
• The data must have been fed in the ordinary course of activities.
• The computer must have been operating properly throughout.
• The information must be derived from such a system.

Only if all these conditions are met, the electronic record will be treated as a document under Section 65B(1).

Certificate of electronic record

As per Section 65B(4), a certificate is mandatory for admissibility. The certificate must:

• Identify the electronic record
• Describe the manner in which it was produced
• Provide details of the device used
• Be signed by a person occupying a responsible position

The certificate must be presented on the letterhead of the organization or by the authorized officer (such as system administrator).

Example: If the police wish to submit CCTV footage in court, they must provide a Section 65B certificate signed by the IT officer or surveillance head attesting that the footage was collected from a functioning system and without tampering.

Proof of Electronic Records

Authentication of digital signatures

As electronic records often involve digital signatures, Sections 67A and 85B of the Indian Evidence Act lay down provisions for proving the authenticity of these signatures.

Section 67A states that the authenticity of a digital signature must be proven unless the same is presumed under the Act.

Modes of Authentication:

• By producing a Digital Signature Certificate (DSC) issued by a Certifying Authority (CA)
• Through the verification key in the digital signature system
• Using tools or software certified by the Controller of Certifying Authorities (CCA)

In Indian courts, the burden lies on the party producing the document to show that the digital signature is valid and traceable to the signatory.

Example:

If a contract is signed using a digital signature, the party relying on the document must either submit the digital signature certificate or request verification from the issuing CA to prove its authenticity.

Presumption as to Electronic Records

Section 85, 85A, 85B, 88A, 90A of Indian Evidence Act

Section 85: Presumption as to Electronic Agreements

Presumes that every electronic agreement concluded using digital signature has been affixed by the subscriber with the intent of signing the document, unless proven otherwise.

Section 85A: Presumption as to Electronic Records and Digital Signatures

Legal presumption that an electronic record containing a digital signature is valid and that the digital signature was affixed with the intent of authenticating the record.

Section 85B: Presumption as to Secure Electronic Records and Secure Digital Signatures

• Presumption that secure electronic records have not been altered since the specific point in time.
• Presumption that a secure digital signature is affixed by the subscriber and is valid.

Section 88A: Presumption as to Electronic Messages

When an electronic message is sent from one person to another, there is a presumption that it was sent by the originator; however, there is no presumption regarding its contents.

Section 90A: Presumption as to Electronic Records over Five Years Old

If an electronic record is more than five years old and produced from proper custody, the court may presume that the electronic signature is affixed by the subscriber.

Significance of These Presumptions

• They ease the evidentiary burden on parties relying on electronic evidence
• Provide legal recognition to the reliability and authenticity of digital transactions
• Reduce procedural hurdles in admitting electronic records in court

Preservation and Collection of Digital Evidence

Volatile Nature of Digital Evidence

One of the primary challenges in dealing with cyber evidence is its volatile and fragile nature. Digital data can be easily altered, deleted, or overwritten either accidentally or deliberately. Unlike physical evidence, digital traces can disappear with a simple shutdown or system update.

Legal Obligation to Preserve Data

Entities like Internet Service Providers (ISPs), hosting platforms, and corporates are often required to preserve logs and transactional data for a specified period under Indian laws like the IT Act, 2000 and rules framed under it.

Failure to preserve such data can hamper investigations and allow cybercriminals to escape justice.

Tools for Preservation

• Disk imaging and bitstream copying for forensic capture
• Write-blockers to prevent alteration of original data
• Network monitoring systems for real-time capture

Challenges Faced

• Unavailability of data due to encryption or secure deletion
• Jurisdictional issues when data is stored on foreign servers
• Need for immediate action before data is lost

Chain of Custody

Definition and Importance

Chain of custody refers to the documented process of collecting, handling, storing, and presenting evidence in a court of law. It ensures that the integrity and authenticity of evidence is maintained throughout the investigation.

Steps in Chain of Custody

• Collection of digital evidence with timestamp and metadata
• Sealing and labelling with unique IDs
• Documenting each transfer of evidence (who, when, why)
• Use of tamper-evident containers or digital logs

Legal Significance

If the chain of custody is broken or improperly maintained, the evidence can be challenged and declared inadmissible in court under Indian Evidence Law.

Example:

If a cyber forensic team collects a suspect’s mobile phone and transfers it to the lab, every handover must be recorded. A missing entry could raise doubts about tampering or fabrication.

Forensic Analysis of Digital Evidence

Role of Digital Forensics

Digital forensic analysis is critical in cybercrime investigations. It involves the scientific examination, recovery, and interpretation of electronic data to uncover evidence of criminal activity.

Types of Digital Forensics

• Disk Forensics: Recovering deleted files, system logs, hidden data from hard drives
• Network Forensics: Tracing cyber attacks, packet sniffing, monitoring network intrusions
• Mobile Forensics: Extracting call logs, messages, app data from mobile devices
• Cloud Forensics: Investigating data hosted on cloud platforms like AWS, Azure, etc.

Tools and Software

• EnCase, FTK (Forensic Toolkit), Autopsy, Sleuth Kit
• Wireshark and X-Ways for network and memory analysis
• Oxygen Forensics and Cellebrite for mobile extraction

Challenges in Indian Context

• Lack of trained forensic professionals and infrastructure
• Legal admissibility of forensic techniques must be proven
• Absence of real-time data acquisition capabilities in small law enforcement units

Conclusion

The effective use of cyber evidence depends not only on its collection but also on scientific validation, legal procedures, and documentation. Forensic analysis bridges the gap between technical clues and legal proof in cyberspace-related offences.