Whether in the case of a Cyber Crime pursued by the Police or a Computer Audit
pursued by an auditor, "Evidence" plays a vital part in securing the interests
of the Information Asset owner. Naavi discusses the legal requirements and the
devices required for the purpose of collecting judicially acceptable Cyber
It is more than three years since law was passed in India to recognize
electronic documents as admissible evidence in a Court of law. The
necessary amendments were made to the Indian Evidence Act 1872 by the
Information Technology Act 2000 (ITA-2000).
In the case of electronic documents
produced as "Primary Evidence", the document itself must be produced to the
Court. However, such electronic document obviously has to be carried on a
media and can be read only with the assistance of an appropriate Computer with
appropriate operating software and application software.
In many cases even in
non-electronic documents, a document may be in a language other than the
language of the Court in which case it needs to be translated and submitted
for the understanding of the Court by an "Expert". Normally the person making
submission of the document also submits the translation from one of the
"Experts". If the counter party does not accept the "Expert's opinion", the
court may have to listen to another "Expert" and his interpretation and come
to its own conclusion of what is the correct interpretation of a document.
In the case of the Electronic
documents, under the same analogy,
"Presentation" of document is the responsibility of the prosecution or the
person making use of the document in support of his contention before the
Court. Based on his "Reading" of the documents, he submits his case. This may
however be disputed by the counter party. In such a case, it becomes necessary
for the Court to "Get the document Read by an expert" to its
satisfaction. It is necessary to have some clarity on the legal aspects of
such documents presented to the Court because most of the court battles are
expected to revolve around "Proper Reading " of the documents and "Possible
manipulation of the documents".
In making presentation of an
"Electronic Document", the presentor may submit a readable form of the
document in the form of a "Print Out". Question arises in such a case whether
the print out is a "Primary Evidence" or a "Secondary Evidence".
According to Indian Evidence Act,
section 65 refers to "Cases in which secondary evidence relating to documents
may be given". However, the modifications made to this section by ITA-2000
have added Sections 65 A and Section 65 B.
Though these sections have been
numbered as A and B of 65, these are not to be treated as sub sections of
Section 65. As per schedule II to ITA-2000, serial number 9, it appears that
65A and 65B are to be treated as independent sections.
According to Section 65 A
therefore, " Contents of electronic records may be proved in accordance with
the provisions of Section 65B".
Whether by design or otherwise,
Section 65B clearly states that " Not withstanding anything contained in this
(Ed:Indian Evidence Act) Act, any information contained in an electronic
record which is printed on a paper, stored, recorded or copied in optical or
magnetic media produced by a computer (herein after called the Computer
Output) shall be deemed to be also a document...."
However, for the "Computer Output"
to be considered as admissible evidence, the conditions mentioned in the
Section 65 B (2) needs to be satisfied.
Section 65B(2) contains a series of
certifications which is to be provided by the person who is having lawful
control over the use of the Computer generating the said computer output and
is not easy to be fulfilled without extreme care.
It is in this context that the
responsibility of the Law Enforcement Authorities in India becomes onerous
while collecting the evidence.
In a typical incident when a Cyber
Crime is reported, the Police will have to quickly examine a large number of
Computers and storage media and gather leads from which further investigations
have to be made. Any delay may result in the evidence getting obliterated in
the ordinary course of usage of the suspect hard disk or the media.
Any such investigation has to cover
the following main aspects of Cyber Forensics, namely,
1. Collection of suspect evidence
2. Recovery of
3. Analysis of suspect evidence
If the process of such collection, recovery and analysis is not undertaken
properly, the evidence may be rejected in the Court of law as not satisfying
the conditions of Section 65B of the Indian Evidence Act.
In the evolution of the Indian challenge to Cyber Crimes, it may be said that
during the last three years, Police in different parts of the Country have
been exposed to the reality of Cyber Crimes and more and more cases are being
registered for investigation. However, if the Law enforcement does not focus
on the technical aspects of evidence collection and management, they will soon
find that they will be unable to prove any electronic document in a Court of
The undersigned who has been working with a missionary zeal for dissemination
of knowledge on Cyber Crime Risks and Cyber Law Compliance in India, has
www.ceac4india.com) provided a mechanism for archiving Cyber evidence of
certain kind such as web pages and e-mails.
Now he has embarked on the next step of assisting the Law Enforcement in India
with suitable Computer hardware and software that would enhance the quality of
"Cyber Evidence" that can be produced to a court of law in case of any Cyber
These Cyber Forensic gadgets are not only products that are required by the
Law Enforcement authorities, but also the IT Auditors in the Corporate
world. Hence this information is likely to be of interest to both the Law
Enforcement Authorities as well as the Information System Auditors.
More information on the hardware and software would follow in
January 5, 2003