Digital Forensics in India: An Overview

Digital Forensics in India

This article is submitted by:

  • Panjala Shreeya
  • Kaveti Vinisha


The term “forensic” is derived from the Latin word “forenses,” which means “forum.” A forum was a public gathering place in early Rome where judicial hearings and debates were held.

The collection, preservation, and analysis of evidence for prosecuting an offender in a court of law are all part of forensic science. The role of forensic science in the investigation, identification, and conviction of criminals is widely accepted in criminal justice systems around the world.

Forensic science is the general term used for all of the scientific processes involved in solving a crime. The role of forensic scientists has grown over the past few decades due to the rise in the crime rate and technological developments. Criminal activity in electronic or digital environments, particularly in cyberspace, has become commonplace. Criminals are increasingly relying on technology to carry out their crimes, posing new obstacles for law enforcement officers, attorneys, judges, military personnel, and security personnel. Digital forensics has become an important tool for identifying and distinguishing computer-based and computer-assisted crime. Because of the dependability and precision of forensic evidence in criminal identification, it has the potential to aid in the rapid disposition of criminal cases.

Justice Anand Pathak, while hearing a case in the Madhya Pradesh High Court, highlighted some major issues related to forensic sciences:

“Forensic science does not only mean DNA reports or Blood Sampling or PSL report as it goes beyond and if we wish to march with time, then we should have to be well equipped with technologies. When artificial intelligence, robotics, and drone technologies are knocking at the doors then policymakers or stakeholders cannot place rule of law or adjudication process at the mercy of archaic methods of investigation and prosecution. Police investigation and prosecution in courts cannot lie at the altar of the statement of witnesses alone but it should be based upon a scientific way of investigation and police officers, public prosecutors and trial judges ought to be well equipped with the subjects and tools of forensic sciences.”

There is no doubt that forensic science holds an important place in the judicial system, particularly in the criminal justice system. Many courts have reaffirmed its evidentiary value in diverse instances.

Evidentiary value of digital forensics

The major provisions governing digital forensics are embedded in the Indian Evidence Act, 1872, and the Information Technology Act, 2000. The following are the said provisions:

Inclusion of electronic evidence under evidence

  • The term “Evidence” originally did not cover digital evidence; it was only the amendment made to section 3 that allowed for the inclusion of electronic evidence as “Evidence” under the Indian Evidence Act, 1872.[1]
  • Section 4 of the Information Technology (Amendment) Act, 2008 provides for electronic evidence in place of paper-based records.[2]

Admissibility of electronic evidence

The Indian courts have reiterated that evidence from digital sources cannot be refused; however, its accuracy must be proved.[3] The following sections allow electronic evidence, thereby giving it legal backing.

  • Sections 65-A and 65-B of the Evidence Act provide the conditions for the admissibility of electronic records.[4]
  • Section 79A of the IT (Amendment) Act, 2008 defines electronic evidence as any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, and digital fax machines.
  • Section 79A of the IT (Amendment) Act, 2008, empowers the Central government to appoint any department or agency of Central or State government as Examiner of Electronic Evidence.[5]

Cyber-crime and the Ever-Evolving Computer Forensics

Cybercrime is on the rise as the world increasingly relies on digital technologies, with their deep, enduring, and dynamic nature. Computer forensics, widely termed “digital forensics” or “cyber forensics,” is the use of investigative and analytical techniques to collect and preserve evidence from a specific electronic device in a form that may be presented in court. The primary objective of computer forensics is to conduct a systematic investigation and maintain a recorded chain of evidence in order to determine exactly what transpired on a computing device and who was accountable for it. Collecting information in a secure way is the first step in digital forensics. The data or system is then examined to see if it was altered, how it was altered, and who made the alterations. Computer forensics is not always used in connection with a crime; it is also used to collect data from a crashed server, failed disk, reformatted operating system (OS), or other circumstance in which a machine has abruptly ceased working.
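The following is an added example, not part of the original article, of how a recorded chain of evidence can be made checkable: the evidence is hashed at acquisition and every custody record commits to the record before it. The record fields, names, timestamps, and sample image bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first custody record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(record: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return sha256_hex(json.dumps(record, sort_keys=True).encode("utf-8"))

def add_entry(log: list, actor: str, action: str, evidence: bytes, when: str) -> dict:
    """Append a custody record that commits to the evidence and to the prior record."""
    record = {
        "actor": actor, "action": action, "timestamp": when,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    record["entry_hash"] = _digest(record)
    log.append(record)
    return record

def first_broken_entry(log: list) -> int:
    """Return the index of the first edited or re-ordered record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev_hash"] != prev or _digest(body) != rec["entry_hash"]:
            return i
        prev = rec["entry_hash"]
    return -1

def evidence_unaltered(log: list, working_copy: bytes) -> bool:
    """True if the copy under examination matches the hash taken at acquisition."""
    return bool(log) and log[0]["evidence_sha256"] == sha256_hex(working_copy)

def demo():
    image = b"\x00CONSTRUCTED-DISK-IMAGE\x00sector data\xff"  # constructed sample
    log = []
    add_entry(log, "Officer A", "acquired at scene", image, "2021-07-01T10:00:00Z")
    add_entry(log, "Examiner B", "received for analysis", image, "2021-07-02T09:30:00Z")
    clean = (first_broken_entry(log), evidence_unaltered(log, image))
    altered_copy_ok = evidence_unaltered(log, image + b"\x01")
    log[0]["actor"] = "Officer Z"  # simulate an after-the-fact edit to the log
    return clean, altered_copy_ok, first_broken_entry(log)

if __name__ == "__main__":
    print(demo())
```

An unkeyed hash chain only detects edits if the latest `entry_hash` is also recorded somewhere the log's holder cannot change, such as a signed report or a separate register.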

Types of forensic examinations

There are various types of forensic examinations that help in tackling such crimes and some of the prominent ones are as follows:

  • Database forensics: The study and examination of databases and their accompanying metadata.
  • Email forensics: Email forensics is the analysis of the source and content of an email as evidence to identify the legitimate sender and receiver of a message, as well as certain additional information such as the date/time of transmission and the sender’s intent. It includes inspecting information, scanning ports, and conducting keyword searches.
  • Malware forensics: It is a method of locating, analysing, and examining various aspects of malware in order to identify the perpetrators and cause of the attack. Checking for hostile code, detecting its entry, the mechanism by which it spreads, the impact on the system, the ports it tries to use, and so on are all part of the strategy.
  • Memory forensics: The examination of potentially volatile data contained in a computer’s memory dump is known as memory forensics. Memory forensics is a technique used by information security professionals to investigate and detect breaches or malicious activities that leave no readily visible traces on hard disc data.
  • Mobile forensics: Mobile device forensics is a subset of digital forensics that primarily focuses on retrieving digital data or evidence from a device under specified conditions. The word “mobile device” most usually refers to phones, although it may also allude to any digital device with internal memory and communication capabilities, such as PDAs, GPS devices, and tablet PCs.
  • Network forensics: Unlike other fields of digital forensics, network investigations deal with volatile and dynamic data. As network traffic is sent out and subsequently lost, network forensics is often used as a proactive inquiry.

Techniques used by the Industrial Experts

Reverse steganography:

Steganography is a data-hiding technique: secret information is concealed inside digital files so that an intended recipient can extract it successfully. A reversible steganographic method allows the recipient to extract the hidden data from the file and also to restore the cover file, so that both the secret information and the cover image are retrieved.

Stochastic forensics:

Theft of intellectual property has been on the rise in recent decades, but what makes it more harmful is that it is very difficult to trace the thief, since most of the time it is done by an insider who has access to the information. Stochastic forensics is a method to forensically reconstruct digital activity lacking artifacts by analyzing emergent properties resulting from the stochastic nature of modern computers.

Example: In 2018, Zhang, an employee of Apple’s Research and Development organization with access to the project’s technical databases, was accused of stealing confidential company data containing electrical schematics for a circuit board in Apple’s proprietary infrastructure for a self-driving car project.

It is in cases like these that the method proves most effective in identifying the culprit behind the theft.

Cross-drive analysis:

It is an approach that is designed to allow an investigator to simultaneously consider information from across a corpus of data sources such as disk drives and solid-state storage devices.
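As an added illustration, not taken from the original article, the sketch below correlates several drive images by the identifiers they have in common. Using email addresses as the correlating feature and weighting rarer features more heavily are assumptions of this example; the drive labels and contents are constructed.

```python
import re
from collections import defaultdict
from itertools import combinations

# Feature extractor: email-like strings found anywhere in the raw bytes.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def extract_features(raw: bytes) -> set:
    return {m.lower().decode("ascii") for m in EMAIL_RE.findall(raw)}

def cross_drive(drives: dict):
    """drives maps label -> raw bytes. Returns (shared_features, pair_scores)."""
    seen_on = defaultdict(set)
    for label, raw in drives.items():
        for feature in extract_features(raw):
            seen_on[feature].add(label)
    # Keep only features present on more than one drive.
    shared = {f: sorted(d) for f, d in seen_on.items() if len(d) > 1}
    scores = defaultdict(float)
    for labels in shared.values():
        for pair in combinations(labels, 2):
            scores[pair] += 1.0 / len(labels)  # rarer feature = stronger link
    return shared, dict(scores)

def strongest_link(drives: dict):
    """Return the pair of drives with the highest correlation score, or None."""
    _, scores = cross_drive(drives)
    return max(scores, key=scores.get) if scores else None

# Constructed sample "images": text fragments surrounded by binary noise.
SAMPLE_DRIVES = {
    "drive_A": b"\x00\x00To: ravi@example.org\x00junk\x00From: ops@example.net\xff",
    "drive_B": b"cache\x00RAVI@example.org\x00\x00newsletter@example.com",
    "drive_C": b"\x00billing@example.net\x00ops@example.net\x00ravi@example.org",
}

if __name__ == "__main__":
    shared, scores = cross_drive(SAMPLE_DRIVES)
    print(shared)
    print(scores)
    print(strongest_link(SAMPLE_DRIVES))
```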

Live analysis:

Live analysis is the examination of computers from within the operating system, using custom forensic tools or existing tools to extract evidence.

Deleted file recovery:

There are professional recovery tools used by data recovery specialists which enable them to recover files even when the drive has been re-partitioned and re-formatted.

Loopholes in the system

Lack of experts:

According to estimations, there are a mere 0.33 forensic experts for every 0.1 million people in India for the task of examining crime scenes and preparing reports. However, depending on the workload of criminal investigations in different nations, the population ratio of forensic scientists in other countries ranges from 20 to 50 scientists per 0.1 million inhabitants.[6]

High rate of pending cases:

The present state of pending cases in 2021 is no better; the expected pendency of cases in India’s Forensic Science Laboratories (FSLs) is from 0.7 to 0.8 million cases. In these circumstances, the referral rate of cases to FSLs in India is approximately 10–12 percent of the total crime recorded in various states. This percentage demonstrates not just the faltering infrastructure, but also the government’s inability to enact progressive laws that enable the prompt disposition of cases.[7]

Reliability of scientific evidence:

Several factors are subverting the reliability of scientific evidence in India. These include a lack of scientific certainty, insufficient research arising from meager resources, the absence of a code of ethics, a lack of certification of experts, a paucity of databases, and the non-availability of error rate statistics for all the techniques.[8]

Increase in cybercrimes associated with a need for stronger infrastructure:

Since the nature of cybercrime is inherently dynamic, the present infrastructure is ill-suited to resolving such cases.

Varied legislations:

There is no single piece of legislation that accommodates the provisions dealing with the subject of digital forensics.

Transnational cybercrime activities:

Another challenge to digital forensics is the transnational nature of cybercrimes, which poses serious legal complications.

Nonetheless, the authors feel that the following suggestions can help the state navigate the ever-evolving concept of digital forensics, narrow down the existing incompetencies, and find a “way forward”.

Way Forward

Capacity building: Conducting technical training sessions and coordinating the stakeholders to boost the number of competent investigators and judges.

Legislations: In order to establish forensic regulatory mechanisms in India, the Forensic Regulatory and Development Authority Bill must be passed immediately, which includes codes of conduct and ethics for the country’s forensic practitioners.

Education and research centers: In September 2020, the Ministry of Home Affairs (MHA), Government of India, passed two Acts, i.e., the National Forensic Sciences University (NFSU) Act 2020 [9] and the Rashtriya Raksha University (RRU) Act 2020 [10]. They provide for the establishment of regional institutions for education and research. In Gujarat, the NFSU has been created and several RRUs have been created in various cities like Gandhinagar, Lavad, and Dahegam. Many specialized centers should be established, offering a more solid platform for research and education.

Implementation of recommendations: Various committees have been formed to evaluate the state of forensic science in India, and recommendations have been made, but most of them have remained on paper indefinitely. One such example is the set of recommendations made by the Justice Dr. V.S. Malimath Committee in March 2003, which are yet to be implemented. Such delays aggravate the pre-existing deficiencies in forensic systems.

[1] Indian Evidence Act, 1872.

[2] Information Technology (Amendment) Act, 2008.

[3] Ram Singh v Col Ram Singh, 1985 (Supp) SCC 611.

[4] Indian Evidence (Amendment) Act, 2000.

[5] Information Technology (Amendment) Act, 2008.

[6] Forensic Science International; Report, Volume-3, 100215, July 2021.

[7] Forensic Science International; Report, Volume-3, 100215, July 2021.

[8] J. Peterson, I. Sommers, D. Baskin, D. Johnson, The role and impact of forensic evidence in the criminal justice process, September 2010.

[9] National Forensic Sciences University Act, 2020, NO.32, Acts of Parliament, 2020 (India).

[10] Rashtriya Raksha University Act, 2020, No.31, Acts of Parliament, 2020 (India).