Evidence is any sort of proof that is offered in court with the purpose of instilling belief in the minds of the persons in the court. Section 3 of the Indian Evidence Act of 1872 also applies to electronic evidence. Electronic evidence includes digital signatures, electronic signature certificates, electronic signatures, electronic records, and so on. As a result, electronic evidence is classified as secondary evidence. The admission of electronic evidence is mentioned in Section 65B of the Indian Evidence Act. It states that information available in an electronic medium and copied, recorded, or stored in magnetic or optical media, or printed on paper by a computer, shall be considered a document if it meets the conditions specified in Section 65B(2) of the Act and is admissible as evidence in the proceedings, with no further proof required.
Almost every criminal case in today’s society contains some form of electronic evidence belonging to the suspect or suspects that will need to be examined, regardless of the offence. When conducting a criminal investigation, it is critical that law enforcement officials understand the necessary processes for recognizing and managing electronic evidence, which can range from compact discs (CDs) to external hard drives with numerous terabytes of capacity. When it comes to electronic evidence, being conscientious and diligent can be the difference between a successful prosecution of a dangerous criminal, a not guilty verdict, or the worst words in an officer’s opinion, “Case dismissed!”
How Should Police Collect Electronic Evidence?
Digital data must first be acquired before it can be deemed evidence of an incident. Collecting forensic evidence for the sake of inquiry and/or prosecution is challenging at the best of times, but when such evidence is electronic, the situation becomes even more complicated[1]. Computer transactions are rapid; they can be conducted from anywhere, through anywhere, and to anyone; they can be encrypted anonymously; and they often lack intrinsic identifying elements such as handwriting and signatures that can be used to identify the persons responsible. Any “paper trail” of computer records can be readily altered or removed, and it may exist only temporarily. Worse, when auditing programs are finished with them, they may automatically trash the remaining records[2].
To ensure the validity, integrity, and admissibility of electronic evidence in court, it must be collected in accordance with a set of best practices. Here’s how cops should gather technological evidence:
- Evidence Identification: Determine the type of electronic evidence that will be used in the case. Emails, text messages, digital documents, computer files, social network posts, and other digital data may be included.
- Preservation: Maintain the integrity of the electronic evidence to avoid any changes during the inquiry. Make a secure bit-for-bit clone (forensic image) of the digital media containing the evidence. Maintain a thorough chain of custody.
- Search and Seizure: If the electronic evidence is on a suspect’s device or at a specific place, law enforcement should obtain search and seizure warrants from the proper legal authorities. Searches must adhere to due process and be carried out in conformity with the law.
- Data Extraction: To extract electronic data from devices, use specialized forensic tools and techniques. Document the extraction process to ensure that the evidence is not altered or damaged.
- Analysis: Analyse the extracted data to determine its applicability to the case. This could include decrypting encrypted information, restoring erased data, or inspecting digital documents.
- Documentation: Ensure that the entire process is thoroughly documented, including how evidence was acquired, processed, and assessed. This documentation is crucial for demonstrating the evidence’s authenticity in court.
- Admissibility: Ensure that the evidence gathered complies with applicable legislation, such as India’s Electronic Evidence Act. Evidence obtained improperly or altered may not be accepted in court.
- Privacy Considerations: When collecting electronic evidence, keep in mind privacy rights and data protection regulations. Only relevant data should be collected, and sensitive information should be handled carefully.
- Storage: Store the evidence in a secure location to prevent tampering or unwanted access.
Collection Methods
“Freezing the scene” and “honeypotting” are the two most common types of collection. You can acquire frozen information after or during any honeypotting; the two are not mutually exclusive.
Taking a snapshot of the system in its degraded state is what freezing the scene entails. The appropriate authorities should be contacted, but we should not go public with our findings just yet. Then, begin collecting whatever data is important onto removable non-volatile media in a standard format, and ensure that the programs and utilities used to gather the data are also collected onto the same media as the data. All data acquired should be subjected to a cryptographic message digest, which should then be compared to the original for verification.
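The digest-and-compare step described above, as an added example that is not part of the original article: it records a digest for every collected file (including the collection tools stored alongside the data) and then checks a copy against that record. SHA-256, the file names and the manifest layout are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its size and digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"size": os.path.getsize(full), "sha256": sha256_file(full)}
    return manifest

def verify_copy(manifest, copy_root):
    """Compare a copy against the recorded manifest and report every discrepancy."""
    current = build_manifest(copy_root)
    changed = sorted(p for p in manifest if p in current and manifest[p] != current[p])
    return {"missing": sorted(set(manifest) - set(current)),
            "extra": sorted(set(current) - set(manifest)),
            "modified": changed}

def demo():
    """Constructed sample: two collected files plus the tool used to gather them."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, copy = os.path.join(tmp, "original"), os.path.join(tmp, "media_copy")
        os.makedirs(os.path.join(orig, "tools"))
        samples = {"auth.log": b"constructed log line\n",
                   "memdump.bin": bytes(range(256)) * 64,
                   "tools/collector.sh": b"#!/bin/sh\n# constructed placeholder\n"}
        for rel, data in samples.items():
            with open(os.path.join(orig, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(orig)      # digests recorded at collection time
        shutil.copytree(orig, copy)
        clean = verify_copy(manifest, copy)  # faithful copy: no discrepancies
        # Simulate a later alteration: same size, first byte changed.
        with open(os.path.join(copy, "auth.log"), "r+b") as f:
            f.write(b"C")
        tampered = verify_copy(manifest, copy)
    return manifest, clean, tampered

if __name__ == "__main__":
    print(demo()[1:])
```

A single changed byte leaves the file size identical but changes the digest, which is why the comparison relies on the hash rather than on size or timestamps.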
The technique of building a duplicate system and luring the attacker into it for additional surveillance is known as honeypotting. Sandboxing is a related strategy that involves limiting what the attacker can do while still on the compromised system so that they can be monitored without causing too much damage. The insertion of deceptive information and the attacker’s reaction to it is an effective way to determine the attacker’s motivations. We must ensure that any data on the system relating to the attacker’s detection and actions is either erased or encrypted; otherwise, the attacker can cover their tracks by destroying it.
Conclusion
In conclusion, accurate electronic evidence collecting is critical in today’s digital age, since practically every criminal case incorporates some form of digital data. This evidence is critical for investigations and prosecutions, and it can be the difference between a successful case and a case that is dismissed. The paper stressed the importance of following recognized best practices when dealing with electronic evidence, as well as the crucial role of law enforcement in this process.
The article also explored the classification of electronic evidence as secondary evidence and its admission under Section 65B of the Indian Evidence Act. It emphasizes the importance of meticulously gathering, maintaining and analysing electronic evidence to verify its legality and integrity.
Furthermore, the difficulties with electronic evidence were discussed, such as its potential for quick modification and the absence of traditional identifying markers. The article emphasizes the significance of following correct processes, obtaining relevant search and seizure warrants, and protecting privacy rights while gathering evidence.
Evidence-gathering tactics, such as “freezing the scene” and “honeypotting,” have been outlined, giving law enforcement realistic approaches to dealing with electronic evidence. The need to ensure data integrity throughout collection, and to use cryptographic message digests for verification, has also been underlined.
To ensure that justice is delivered effectively and fairly in the ever-changing digital context, law enforcement officials must be well-versed in the processing of electronic evidence. The thorough and legally sound collection of electronic evidence is not just a prerequisite; it is also a cornerstone of preserving trust and confidence in the criminal justice system.
This article is written and submitted by Sanskar Singhal during his course of internship at B&B Associates LLP. Sanskar is a 5th Year BBA LLB student at Geeta Institute of Law, Panipat.