top of page
Search

*E-Evidence in Indian Courts — Admissibility, Chain of Custody & Forensics

  • Jahan Soni
  • Sep 14
  • 5 min read
A vintage detective board features photos, a large fingerprint, and a magnifying glass. Bold text reads "The Clue." Mysterious mood.

1. Why e-evidence matters now


Digital traces — chat logs, mobile backups, CCTV, e-mails, system logs, cloud backups, GPS data, IoT telemetry — are now central to criminal and civil litigation. But their convenience is double-edged: electronic records are easy to alter, delete or fabricate. Indian courts therefore treat e-evidence with legal caution: admissibility depends on statutory procedure and demonstrable integrity (chain of custody and forensic processes). The basic statutory scheme sits in Sections 62–63 of the Bharatiya Sakshya Adhiniyam.


2. The statutory framework:


Section 62: Introduced to recognise “electronic records” as documents for evidentiary purposes; it tells courts how such content may be proved.


Section 63: Prescribes the procedure for admissibility of electronic records particularly where those records are produced by way of secondary evidence (for example, printouts, CDs, pen-drives, copies). The key practical point from the statute: a specified certificate (under s.65B(4)) accompanying secondary electronic evidence is the principal safeguard of authenticity.


3. The leading case law:


Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473


The Supreme Court held that Sections 65A–65B create a special scheme and that secondary electronic evidence (e.g., CDs, printouts) is inadmissible unless accompanied by the s.65B(4) certificate — i.e., the certificate is necessary to establish admissibility of computer-generated outputs produced as secondary evidence. This decision sharply limited the older view that general documentary rules (Sections 63–65) could suffice.


Shafhi Mohammad v. State of Himachal Pradesh, (2018) 2 SCC 801


A later two-judge decision took a more flexible view and allowed situations where a certificate could be dispensed with (for instance where the party producing evidence could not reasonably obtain the certificate). That created a conflict in the law. (This conflict was later referred for clarification.)


Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, (2020) 7 SCC 1


A larger Bench reference addressed the tension between Anvar and Shafhi. The authoritative three-judge consideration re-affirmed that where the original electronic device/output cannot be produced, the s.63 certificate is a required procedural safeguard for admitting secondary electronic evidence — i.e., courts must generally insist on the certificate unless the original (primary) electronic record is produced or exceptional, proven impossibility exists. This effectively reaffirmed the strict protection around secondary electronic evidence.


> Practical takeaway: If you rely on copies/prints/CDs/images of digital data, either produce the original electronic medium (primary evidence) in court OR ensure you have a proper s.63 certificate prepared at the time of seizure/collection.


4. Primary vs Secondary e-evidence — plain rules


Primary electronic evidence = the original electronic medium or original device/drive (e.g., the hard disk, original server data). If produced as primary evidence, the strict s.65B certificate requirement for secondary evidence does not apply in the same way — but authenticity still must be proved.


Secondary electronic evidence = copies, printouts, CDs, images, exports. For these, s.65B(4) certificate is normally required.


5. Chain of custody — what courts expect (and why it breaks cases)


Chain of custody is documentary and procedural proof of who handled the item, when, and how. For electronic material judges look for a clear, contemporaneous paper-trail showing:


  1. Seizure memo at the scene (signed by seizing officer and independent witness).

  2. Item identification (unique IDs, serial numbers, MAC addresses, IMEI).

  3. Imaging: For storage media, creation of a forensically sound bit-image (using write-blockers) with hash values (MD5/SHA1/SHA256) logged.

  4. Sealing & labelling: physical seals, tamper-evident packaging and signed labels.

  5. Transfer log: who transported the media, dates/times, chain of custody form, signatures at each handover.

  6. Lab processing logs: tool names/versions, examiner’s notes, hash values before/after, methodology.

  7. Final report: examiner’s findings, copies of relevant output, signatures and accreditation details.

  8. Retention of originals: retention policy and location must be recorded.


A breach at any of these steps creates reasonable doubt about authenticity. The National Judicial Academy and Indian forensic guidance stress strict documentation as core to admissibility.


6. Digital forensics — best practice


  • Forensic image first, examine later. Never analyse an original; always work on a verified bit-image. Produce hash values and examiner logs.


  • Use validated tools & record versions. Document software/tools (and their versions) used for acquisition and analysis. Courts will ask whether the tool is accepted in the community.


  • Accredited labs & trained examiners. Use accredited FSLs or labs that follow ISO/IEC 17025 / relevant standards — accreditation strengthens the weight of the report.


  • Preserve metadata. Timestamps, log files, access control lists, and system logs are often more probative than content alone. Preserve them intact.


  • Document chain of custody contemporaneously. Every signature, every transfer. If evidence went to a private lab, keep records of authorization and transfer.


7. Practical litigation-ready checklist:


  • At seizure / first contact

  • Fill out a detailed seizure memo with independent witness and photographs of device in situ.

  • Note device identifiers (IMEI, serial, MAC), account identifiers (email IDs, phone numbers), and physical location.

  • Isolate the device (remove network access) if live analysis will cause changes. Prefer powered-off seizure for storage devices unless volatile data is critical.

  • Forensics & preservation

  • Create a write-protected forensic image immediately; compute and record hash values.

  • Keep the original sealed and secure; lab must process only images.

  • Use an accredited lab; ensure examiner signs a certificate that can support s.63 if secondary evidence will be used.

  • If you expect to produce copies in court

  • Prepare the S. 63 certificate (or be ready to request the court to direct the custodian to provide it) — certificate should state the device, manner of extraction, and that to the best of the certifier’s knowledge the copy is an accurate reproduction.


For lawyers


  • Preserve communications with service providers (emails, preservation requests).

  • If the original device cannot be produced, file early applications for direction to custodians (ISP, platform, corporate IT) to preserve and/or produce the S. 63 certificate.

  • Challenge lab methodology where chain of custody or tool validation is weak.


8. Common traps that lose e-evidence in court


  • No seizure memo or uncertified seizure.

  • No forensic image or missing/changed hash values.

  • Device handed to a lab with no chain-of-custody record.

  • Reliance on screenshots or screenshots of messages without underlying exported data and certificates.

  • Using non-accredited/unvalidated tools and failing to document methodology.


9. Emerging trends & practical resources


Courts increasingly expect professional forensic processes; trial judges and High Courts have required lab accreditation and examiner competence. Academic and policy work points to growing institutional capacity (NFSU and academic research on digital forensics in India).


★Practical Guide - Step-by-Step:


  1. On receipt of complaint / FIR: note devices/platforms involved; preserve by written request to custodian/platform.

  2. At scene: seizure memo + photographs + witness signatures. Tag device with unique ID.

  3. Transport: tamper-evident seal, maintain transfer log (who, when, where).

  4. Forensic imaging: use write-blocker; record tool/version; compute SHA256 & MD5 hashes; log examiner name.

  5. Analysis: document every step; save copies of raw and parsed data; generate export and preserve the original image.

  6. Report: signed, method-section, exhibit samples, hashes, logs. If producing secondary copies, prepare S.63 certificate early.

  7. Court preparation: bundle seizure memos, chain-of-custody forms, lab report, tool list, and S. 63 certificate (if secondary evidence).


💡 VIDHIGYATA INSIGHT :


Law and technology together give digital evidence its real weight.

It is not just the content that matters, but the proof-management process—seizure memo, forensic imaging, hash verification, laboratory procedure and the Section 65B certificate.

Courts now focus on authenticity safeguards, so every lawyer, investigating officer and forensic examiner must ensure there are no gaps in documentation if the evidence is to stand in court.


★Key Sources:


  • Bharatiya Sakshya Adhiniyam, 2023 – S.62 & S. 63

  • Bharatiya Nagarik Suraksha Adhiniyam– S. 94, 95, 103 & 106 (search and seizure).

  • National Judicial Academy, Manual on Electronic Evidence (latest ed.).

  • National Forensic Sciences University, Handbook on Digital Forensics (latest ed.).

  • Ministry of Home Affairs, Cyber Crime Investigation Manual (current version).



VIDHIGYATA

Trusted Companion of  Law Students 

Vidhigyata is a platform designed as a trusted companion for law students in India, aiming to enhance their legal journey. The site offers job and internship updates from top law firms, concise legal notes, study resources, exclusive webinars, and mentorship opportunities tailored for academic success and competitive exams. Vidhigyata's mission is to foster a vibrant legal community that provides accessible opportunities and promotes growth among students.

  • Whatsapp
  • Youtube
  • LinkedIn
  • Instagram
bottom of page