Digital and Cyber Forensics Overview

Uploaded by

Nishant Thakur
HIMACHAL PRADESH NATIONAL LAW UNIVERSITY, SHIMLA

DISCIPLINE

FORENSIC SCIENCE

TOPIC

DIGITAL FORENSIC AND CYBER FORENSIC

SUBMITTED BY
NISHANT THAKUR
Roll No. 1020202144
5th year, 9th semester
[Link] (Hons.)

SUBMITTED TO
DR. SHAIFALI DIXIT
ASSISTANT PROFESSOR
FACULTY OF LAW
HPNLU


ACKNOWLEDGEMENT

Presentation, inspiration and motivation have always played a key role in the success of my
venture. The success and final outcome of this assignment required a lot of guidance and
assistance and I am extremely fortunate to have got this to complete my assignment.
Whatever I have done is only due to such guidance and assistance, and I shall not forget
them. I respect and thank [Link] DIXIT, Assistant Professor of Law for giving me
an opportunity to do this assignment work and providing me all support and guidance which
made me complete the assignment on time. I would also like to thank my parents and friends
who helped me a lot in finalizing this project within the limited time frame. I express deep
gratitude to all the sources that helped me in the journey of completing this assignment. Last
but not the least, the completion of this undertaking could not have been possible without the
participation and assistance of so many people whose names may not be enumerated. Above
all, to the Great Almighty, the author of knowledge and wisdom, for showing his countless
love. Much obliged to you.

DECLARATION

I, NISHANT THAKUR, [Link].1020202144, hereby declare that the work entitled
"DIGITAL FORENSIC AND CYBER FORENSIC" submitted to Himachal Pradesh National Law
University, Shimla is my original work under the guidance of DR. SHAIFALI DIXIT, Assistant
Professor of Law, HPNLU, Shimla. I have not copied from any other students' work or from
any other sources except where due reference or acknowledgment is made explicitly, nor has
any part been authored by another person.

Table of contents

1. Introduction
2. What is evidence?
   a. Section 3 of Evidence Act
   b. Section 2(i) of IT Act
   c. Section 2(r) of IT Act
   d. Section 2(t) of IT Act
3. What is digital forensic?
   a. Branches of digital forensic
   b. Investigation process
      i. Data collection
      ii. Examination
      iii. Data analysis
      iv. Reporting
   c. Digital forensic and incident response
4. What is cyber forensic?
   a. Scope
      i. Hacking and data theft
      ii. Receipt of stolen property
      iii. Identity theft and cheating by personation
      iv. Violation of privacy
   b. Phases in a cyber forensic procedure
   c. Challenges of cyber forensic
   d. Cyber forensic on rise?
5. Comparison of cyber forensic and digital forensic
6. Challenges and limitation
7. Conclusion

Section 378 of IPC | Section 303 of BNS
Section 419 of IPC | Section 319 of BNS
Section 3 of Evidence Act | Section 2 of BSA
Section 65A of Evidence Act | Section 62 of BSA
Section 65B of Evidence Act | Section 63 of BSA

INTRODUCTION
Digital forensics is the process of collecting and analyzing digital evidence in a way that
maintains its integrity and admissibility in court.

With an emphasis on the collection, examination, and presentation of electronic evidence,
digital forensics and cyber forensics are crucial disciplines in the realms of cyber security and
criminal investigation. An extensive explanation of their scope, difficulties, and remedies is
provided below, along with pertinent legislation and case laws.

While researching for this topic, I came across one movie, "Unlocked" (2023), which fascinated
me a lot and which was entirely related to this assignment. So here, I am referring to a few
points of this movie.

“Lee Na-Mi is a regular office worker and marketer at a start-up company. She also works
part-time at her father's cafe. One day, she loses her smartphone on a bus, and someone finds
it. When she calls from her friend's phone, a person named Oh Jun-Yeong disguises his voice
and tells her to pick up her phone at a repair shop. He wants to get her password and
secretly installs spyware on her phone while pretending to fix it. From that moment on,
Na-Mi's phone becomes a tool for Jun-Yeong to spy on her. He invades her personal life and
makes her father suspicious of him. However, Na-Mi finds herself curious about Jun-Yeong
because they seem to have things in common. Jun-Yeong claims to work at a software
company and pretends to help her with the spyware. As things unfold, Jun-Yeong betrays
Na-Mi by leaking confidential information from her workplace and framing her for it. He
also tries to make her believe that her best friend is responsible for the spyware. Ultimately,
Jun-Yeong succeeds in isolating Na-Mi from the important people in her life. At the same
time, Detective Woo Ji-Man is investigating a murder case involving a body found in a
remote mountain area. The evidence points to his own son, Woo Jun-Yeong, as the possible
culprit. Seven more bodies are discovered, and they all have their smartphones taken by
Jun-Yeong. One of the victims, Eun Mi-gyeong, was believed to have run away, but now it seems
she was a victim too.” [1]

1. In the movie, the IT Act could be relevant in terms of unauthorized access to computer
systems, electronic surveillance, and cybercrimes committed by Oh Jun-Yeong, such as
installing spyware on Lee Na-Mi's phone. Under the IT Act, actions such as unauthorized
access to computer systems or networks, introduction of malware or spyware, and
interception of electronic communications without consent can be considered offenses. These
offenses may carry penalties and punishments as defined by the provisions of the IT Act.

2. The IPC is a criminal code in India that defines various offenses and their punishments. In
the context of the movie, specific provisions of the IPC may be relevant to address the actions
committed by Oh Jun-Yeong, including unauthorized access to Lee Na-Mi's phone, leaking
confidential information, framing her, and potentially being involved in the murders. The IPC
contains provisions related to offenses like unauthorized access to computer systems (Section
378) [2] and identity theft (Section 419) [3]. These provisions provide the legal framework to
prosecute individuals who engage in such activities.

3. Data Protection: While not explicitly mentioned in the movie plot, the concept of data
protection is highly relevant in the context of personal information being compromised
through the installation of spyware. Data protection laws aim to safeguard individuals'
personal information and regulate its collection, storage, and use. Depending on the
jurisdiction, data protection laws may include provisions for obtaining informed consent
before collecting personal data, ensuring the security of personal information, notification
in case of data breaches, and granting individuals certain rights over their data, such as the
right to access, rectify, or delete their personal information.

In the movie, the unauthorized access to Lee Na-Mi's phone and the subsequent monitoring
of her actions, conversations, and texts by Oh Jun-Yeong can raise concerns related to
privacy and data protection. The provisions of data protection laws, which can vary from
country to country, would address the legal implications of such actions and provide remedies
for the victims.

[1] Kim Tae Joon dir., Unlocked. Netflix, 2023.
[2] Section 378 of IPC, 1860
[3] Section 419 of IPC, 1860

WHAT IS EVIDENCE?

Under the Evidence Act, there are three forms of evidence:

1. Oral evidence,
2. Documentary evidence, and
3. Electronic records

According to Section 3 [4] of the IEA, terms like "electronic form," "electronic records," and
"information" will have the same meanings as defined in the Information Technology Act,
2000 (IT Act).

According to Section 2(i) [5] of the IT Act, a "computer" is any electronic device that processes
data and performs logical, arithmetic, and memory functions. This includes all related components
such as input and output devices, processing units, storage, software, and communication
facilities connected to a computer system or network.

Section 2(r) [6] of the IT Act defines "electronic form" as any information that is generated,
sent, received, or stored using various media like magnetic or optical devices. This means any
information saved on electronic devices is considered to be in electronic form, but it does not
include printouts.

Section 2(t) [7] defines "electronic record" as data or records that are generated, stored, or sent
in an electronic format. These records require a machine to read them and include things like
computer-generated documents and information stored on DVDs or microfilm. An electronic
record can consist of text, graphics, audio, or other digital representations created or modified
by a computer system.

[4] Section 3 of IEA, 1872
[5] Section 2(i) of IEA, 2000
[6] Section 2(r) of IEA, 2000
[7] Section 2(t) of IEA, 2000

WHAT IS DIGITAL FORENSIC?

One area of forensic science is digital forensics. In addition to helping with criminal and civil
investigations, it is utilized to look into cybercrimes. Digital forensics, for example, can be
used by law enforcement to examine data from a murder suspect's devices or by cyber
security teams to find the hackers responsible for a malware attack.

Because digital forensics handles digital evidence just like any other type of evidence, it has a
wide range of uses. Digital forensics investigators adhere to a stringent forensics procedure
(sometimes called a chain of custody) when handling digital evidence to prevent tampering,
much as authorities follow particular procedures to collect tangible evidence from a crime
scene.

Computer forensics and digital forensics are frequently used interchangeably. While
computer forensics focuses on collecting evidence from computing devices, including
computers, tablets, smartphones, and devices having a central processing unit (CPU), digital
forensics technically encompasses collecting information from any digital device.

A new area of cyber security called "digital forensics and incident response" (DFIR)
combines computer forensics and incident response tasks to expedite the removal of cyber
threats while protecting any associated digital evidence.

BRANCHES OF DIGITAL FORENSICS

Digital forensics contains discrete branches based on the different sources of forensic data. [8]
Some of the most popular branches of digital forensics include:

• Computer forensics (or cyber forensics): gathering digital evidence from computer devices
  by combining legal forensics and computer science.
• Mobile device forensics: investigating and evaluating digital evidence on smartphones,
  tablets, and other mobile devices.
• Database forensics: investigating and evaluating databases and the information associated
  with them in order to find proof of data breaches or cybercrimes.
• Network forensics: monitoring and analyzing information from computer network traffic,
  such as web surfing and device-to-device conversations.
• File system forensics: examining data contained in files and folders on endpoints, such as
  servers, workstations, laptops, and mobile phones.
• Memory forensics: analyzing digital information stored in random access memory (RAM)
  on a device.

[8] Khachatryan, A. (2022), Platform law and the brand enterprise. Berkeley Tech. LJ, 32, 1135.

INVESTIGATION PROCESS

The National Institute of Standards and Technology (NIST) outlines four steps in the digital
forensic analysis process. [9]

The steps are:

1) data collection
2) examination
3) data analysis
4) reporting

1) Data collection
• Determine whether digital devices or storage media hold data, metadata, or other
  digital information that is pertinent to the digital forensics investigation.
• To maintain a tight chain of custody in criminal prosecutions, law enforcement will
  confiscate evidence from a possible crime scene.
• Using a forensic imaging tool or a hard drive duplicator, forensics teams create a
  forensic copy of the data in order to maintain the integrity of the evidence.
• To prevent manipulation, they protect the original data after the duplicating process
  and carry out the remaining analysis on the duplicates.
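
The data collection step above can be illustrated in code. This is an added example, not part of the original assignment: it copies a constructed sample image, proves the working copy matches the original by SHA-256, and keeps a hash-chained custody log. File names, custodian names and the log layout are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read evidence in 1 MiB blocks so large images are never fully in memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_working_copy(original, working):
    """Copy the evidence, hashing the source as it is read, then re-read the
    copy from disk and refuse to continue unless both digests match."""
    digest = hashlib.sha256()
    with open(original, "rb") as src, open(working, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    source_hash = digest.hexdigest()
    if sha256_file(working) != source_hash:
        raise IOError("working copy differs from the original")
    os.chmod(original, 0o444)  # original becomes read-only; analysis uses the copy
    return source_hash


class CustodyLog:
    """Append-only custody record. Each entry stores the hash of the previous
    entry, so editing or removing an earlier entry breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(entry):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, custodian, action, evidence_sha256):
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "custodian": custodian,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = self._entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev or self._entry_hash(entry) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def demo():
    """Run the workflow on a constructed sample image in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "seized_media.img")  # hypothetical file names
        working = os.path.join(tmp, "working_copy.img")
        with open(original, "wb") as fh:  # constructed sample data, not real evidence
            fh.write(b"CONSTRUCTED SAMPLE IMAGE\n" + bytes(range(256)) * 64)
        log = CustodyLog()
        acquired = make_working_copy(original, working)
        log.record("Examiner A", "imaged seized media", acquired)
        log.record("Examiner B", "received working copy", sha256_file(working))
        result = {"copy_matches": sha256_file(working) == acquired,
                  "log_valid": log.verify()}
        with open(working, "r+b") as fh:  # simulate a stray write to the copy
            fh.seek(10)
            fh.write(b"X")
        result["alteration_detected"] = sha256_file(working) != acquired
        log.entries[0]["custodian"] = "Someone else"  # simulate an edited log entry
        result["log_tampering_detected"] = not log.verify()
        os.chmod(original, 0o644)  # restore so the temporary directory can be removed
        return result


if __name__ == "__main__":
    print(demo())
```

Recording the digest at acquisition time is what lets a later examiner, or a court, confirm that the copy analysed is bit-for-bit the data that was seized.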

[9] Marsoof, A. (2019). Internet intermediaries and trademark rights. Routledge.

2) Examination
• Investigators comb through information and data for signs of cybercrime.
• Web browser histories, chat logs, remote storage devices, deleted space, accessible
  disk spaces, operating system caches, and almost any other component of a
  computerized system may all be used by forensic examiners to retrieve digital data.

3) Data analysis
• To extract data and insights from digital evidence, forensic analysts employ a variety
  of techniques and digital forensic technologies.
• For example, they may employ specialized forensic techniques such as live analysis,
  which checks systems that are still operating for volatile data, or reverse
  steganography, which reveals data that has been hidden using steganography (a
  technique for hiding sensitive information within ordinary-looking messages), in
  order to find "hidden" data or metadata.
• To connect discoveries to particular threat actors, investigators may also make use of
  both private and open-source technologies.

4) Reporting
• When the investigation is complete, forensic specialists provide a formal report
  outlining their findings, including what transpired and potential culprits.
• The report differs from case to case. Regarding cybercrimes, it may offer
  suggestions for addressing weaknesses to stop such assaults in the future. Reports are
  also commonly shared with law enforcement, insurers, regulators, and other
  authorities, and they are often used to present digital evidence in court.

DFIR: Digital forensics and incident response

When incident response (the identification and mitigation of ongoing cyber attacks) and
computer forensics are carried out separately, they may conflict and have a detrimental effect
on a company. [10]

[10] Countering Brandjacking in the Digital Age:...and Other Hidden Risks to Your Brand. Springer Science & Business Media. Katyal, S., & Grinvald, L. C. (2018).

While eliminating a danger from the network, incident response teams may modify or remove
digital evidence. Forensic investigators, while they search for and gather evidence, may
postpone resolving threats.

In order to help information security teams halt cyber attacks more quickly and preserve
digital evidence that can be lost in the haste of threat mitigation, digital forensics and incident
response, or DFIR, integrates computer forensics and incident response into a workflow.

2 major benefits of DFIR

Forensic data collection happening alongside threat mitigation: Incident responders use
computer forensic techniques to gather and preserve data while confining and eliminating the
threat, ensuring that the right chain of custody is maintained and that valuable evidence is
not altered or destroyed.

Post-incident review including examination of digital evidence: In addition to preserving
evidence for legal action, DFIR teams utilize it to reconstruct cyber security incidents from
beginning to end in order to determine what happened, how it happened, the degree of the
damage, and how similar attacks might be avoided.

DFIR leads to quicker threat mitigation, stronger threat recovery, and improved proof for
investigating criminal cases, cybercrimes, insurance claims, and other security incidents.

Some cases related to digital forensics:

Aarushi Talwar-Hemraj Double Murder Case [11]

In the 2008 Aarushi Talwar and Hemraj double murder case, digital forensics played a crucial
role in examining electronic evidence. Investigators used computer data, emails, and mobile
phone records to reconstruct the communication and interactions between the victims and
potential suspects. By analyzing digital footprints, they were able to gather information about
the victims' activities and identify possible leads, despite facing challenges related to data
handling and integrity.

[11] Dr. Mrs. Nupur Talwar v. State of UP & Anr, 1984 2 SCC 627

The Patiala House Court Leak case [12]: The leak case in Patiala House Court involved the
leaking of sensitive documents and information. Digital forensics played an important role in
tracking down the source of the leak, in the analysis of electronic communication, and in the
identification of those responsible for the compromise of confidential information. The case
highlighted the importance of securing digital infrastructure in order to prevent data leaks.

WHAT IS CYBER FORENSICS?

Cyber forensics is the practice of extracting information, analyzing data, and gathering
intelligence. This material pertains to acts that can be presented in a court of law as a
systematic chain of evidence.

Cyber forensics, also known as computer forensics, emerged as an established subject in the
1980s. Criminal activities began to shift to the digital realm as personal computers became
more popular. Traditional forensics procedures could no longer manage the new digital form
of evidence. This resulted in the rise of computer forensics.

• It can recover deleted files, chat logs, emails, etc.
• It can also get deleted SMS and phone calls.
• It can get recorded audio of phone conversations.
• It can determine which user used which system and for how much time.
• It can identify which user ran which program.

Scope of cyber forensic

• HACKING AND DATA THEFT [13]

Sections 43 and 66 of the IT Act criminalise a variety of crimes, including hacking
into a computer network, data theft, introducing and propagating viruses through
computer networks, causing damage to computers, computer networks or
programmes, interfering with any computer, computer system, or computer network,
denying an authorised person access to a computer or computer network, damaging or
deleting data stored in a computer, and so forth. The maximum penalty for the
aforementioned violations is imprisonment for up to 3 (three) years or a fine of
Rs. 5,00,000 (Rupees five lakh), or both.

[12] Disha A. Ravi vs State (Nct Of Delhi) & Ors., AIRONLINE 2021 DEL 159
[13] Information Technology Act, 2000, § 43 and § 66, No.21, Acts of Parliament, 2000 (India).

Sony Pictures Hacking Incident (2014): Cyber forensic experts traced the attack to
foreign hackers after sensitive data and unreleased movies were stolen.

• RECEIPT OF STOLEN PROPERTY [14]

Section 66B of the IT Act specifies the penalty for obtaining a stolen computer
resource or communication device. This provision requires that the person receiving
the stolen property did so dishonestly or had grounds to suspect that it was stolen
property. Under Section 66B of the IT Act, the punishment for this offence is
imprisonment for up to 3 (three) years or a fine of up to Rs. 1,00,000 (Rupees one
lakh), or both.

• IDENTITY THEFT AND CHEATING BY PERSONATION [15]

Section 66C of the IT Act prescribes punishment for identity theft and states that
anyone who fraudulently or dishonestly uses another person's electronic signature,
password, or any other unique identification feature shall be punished with
imprisonment of either description for a term that may extend to 3 (three) years and
shall also be liable to a fine of Rs. 1,00,000 (Rupees one lakh). Section 66D [16] of the IT
Act imposes punishment for 'cheating by personation by utilising computer resource,'
and states that any person who cheats by personation by using any communication
device or computer resource shall be punished by imprisonment of any kind for a
duration not exceeding 3 (three) years, as well as a fine not exceeding Rs. 1,00,000
(Rupees one lakh).

[14] Information Technology Act, 2000, § 66B, No.21, Acts of Parliament, 2000 (India).
[15] Information Technology Act, 2000, § 66C, No.21, Acts of Parliament, 2000 (India).
[16] Information Technology Act, 2000, § 66D, No.21, Acts of Parliament, 2000 (India)

• VIOLATION OF PRIVACY [17]

Section 66E of the IT Act imposes punishment for invasion of privacy and states that
anybody who intentionally or knowingly records, publishes, or transmits an image of
a private region of another person without his or her consent, under certain conditions
breaching that person's privacy, shall be penalised by imprisonment for
a term not exceeding three years or a fine not exceeding Rs. two lakh (Rupees two
lakh), or both.

Phases in a cyber forensics procedure

Cyber forensics often uses predefined techniques to extract information and generate a
structured evidence report:

[Figure: cycle of phases: identification, preservation, analysis, documentation, presentation]

Identification. Determining which evidence is needed for the goal.

Preservation. Choosing how to preserve the integrity and security of the retrieved evidence.

Analysis. Understanding what insights the material does (and does not) offer.

Documentation. Creating and retrieving data to explain a series of actions.

Presentation. Providing a systematic summary of the extracted insights that led to a
conclusion.

[17] Information Technology Act, 2000, § 66E, No.21, Acts of Parliament, 2000 (India)

At all phases of the cyber forensics process, investigators must adhere to protocols that
ensure the completeness, objectivity, authenticity, and integrity of material discovered
throughout the investigation.

CHALLENGES WITH CYBER FORENSICS

Cyber forensics professionals gather data from a wide range of sources, including any
technology that an end user may utilize. These include mobile devices, cloud computing
services, IT networks, and software applications.

These technologies are developed and operated by distinct suppliers. Technology restrictions
and privacy protections tend to limit the investigation capabilities of an individual InfoSec
specialist, since they confront the following challenges:

Data recovery. If the data is encrypted, the investigator will be unable to decrypt it without
access to the encryption keys. New storage technologies, such as SSD devices, may not
provide rapid factory access to retrieve lost data, as classic magnetic tape and hard disk drive
systems do.

Visibility into the cloud system. Investigators may only have access to metadata, not the
content of the files. The underlying resources can be shared and assigned
dynamically. Due to a lack of access to physical storage systems, third-party investigators
may be unable to retrieve lost data.

Large volumes of network log data. Network log data is increasing fast, necessitating
advanced analytics and AI solutions to connect the dots and discover relevant links between
networking activity.

Multi-jurisdictional data storage. If the data is held in a separate geographic area, cyber
forensics investigators may lack the legal right to get the necessary information.

Cases related to cyber forensics

Hosting Obscene Profiles (Tamil Nadu) case [18]

Here I am starting with a case which happened in Tamil Nadu. The case is about the hosting of
obscene profiles. This case was solved by the investigation team in Tamil Nadu. The
complainant was a girl and the suspect was her college mate. In this case the suspect
created a fake profile of the complainant and put it on a dating website. He did this as
revenge for her not accepting his marriage proposal. So this is the background of the case.

Investigation Process

Acting on the girl's complaint, the investigators started the investigation and analysed the
webpage hosting her profile and details. They logged in to the fake profile by determining its
credentials and, using the access log, found out where the profiles had been created.
They identified 2 IP addresses and also identified the ISP. From the ISP's details they
determined that the details had been uploaded from a café. The investigators went to that café
and determined the suspect's name from its register. He was then arrested, and on examining
his SIM the investigators found the complainant's number.

Hacking (Karnataka) case [19]

In this case the complainant received obscene pornographic material at her email address
and mobile phone. She also stated that she suspected somebody had hacked her accounts.

Investigation Process

The investigating team analysed the mail received by the suspect, and they sent messages to
a different email using the complainant's email address. Subsequently the investigating team was
able to identify the ISP address of the computer system, which was traced to an
organisation in Delhi from its server logs; through these logs they learned which system
the obscene material had been sent from. Using disk imaging and analysis tools, the emails
were retrieved from the system.

[18] Tamil Nadu v. Suhas katti, 2004 cc No. 4680
[19] Virendra Khanna v. State of Karnataka, WP 11759/2020

CYBER FORENSICS ON THE RISE?

As additional laws and compliance requirements governing data privacy and protection are
implemented, the need for cyber forensics may expand.

For example, if a corporation wishes to take legal action against cyber attackers, cyber
forensics would be required to demonstrate the facts: who did it, what actions they took, the
consequences and harm, and so on.

Comparison of Cyber Forensics and Digital Forensics

Aspect | Cyber Forensics | Digital Forensics
Definition | Specialized in internet and network-based crimes. | Broader, covering all types of digital evidence.
Scope | Internet and online systems. | Both offline and online digital evidence.
Examples | Investigating phishing or hacking incidents. | Recovering data from a computer or mobile device.
Legal Provisions | Sections 65, 66C, and 66D of the IT Act | Section 65B of the Evidence Act and IT Act.

CHALLENGES AND LIMITATION

In recent years, advancements in computer technology have brought both benefits and
challenges. While some individuals use technology to innovate and solve problems for
society, others exploit it for illegal activities. [20] This misuse has made digital investigations
increasingly difficult for law enforcement agencies. They face challenges such as responding
to cyberattacks, recovering lost data, and preserving evidence on storage devices. [21]

[20] Kaur, H. and Jindal, N. (2020) 'Image and video forensics: a critical survey', Wireless Personal Communications, pp.1–22.
[21] Sikos, L.F. (2020) 'Packet analysis for network forensics: a comprehensive survey', Forensic Science International: Digital Investigation, Vol. 32, p.200892.

Despite the proposed method's advantages over other existing forensic methods, there are
some challenges and limitations. These challenges are listed and briefly discussed below.

Most of the existing methods cannot bypass the pass-code mechanism and encryption if it is
enabled. However, the proposed method inherently captures this fact and overcomes this issue
by taking the suspect computer into custody, as one can still gain access to the iPhone even
with the pass-code protection on if iPhone pairing files are captured from an iPhone backup.

Jailbreaking is a term used by iPhone users who wish to install applications that are not
authorized by Apple. The jailbreaking process allows users access to the iPhone's file system.
It would be critical to investigate if the proposed method is affected by jailbreaking the
iPhone.

Judicial pronouncement

Shreya Singhal v. Union of India, 2015 [22]

The case challenged Section 66A of the Information Technology Act of 2000, which
criminalized offensive online content. The Supreme Court overturned it, declaring it invalid.

Forensic Role:
Analysis of Online Content: Digital forensics examined whether online posts were
purposefully offensive or harassing as defined by Section 66A.

Data Documentation:
Forensics preserved digital evidence for proving ambiguity and abuse of Section 66A.
Examples of flagged content were obtained for illustrating how the section was often used to
suppress freedom of expression rather than target genuine offenses.

Syed Asifuddin vs. State of Andhra Pradesh (2006) [23]

This lawsuit involves a dispute between Tata Indicom and Reliance Infocomm regarding the
misuse of electronic codes and customer data.

[22] Shreya singhal v. union of india Air 2015, SC 1523
[23] Syed Asifuddin vs. State of Andhra Pradesh (2006), (1) ALD Cri 96, 2005 CrLJ 4314, 2005 Indlaw AP 500

Forensic Role:

Evidence was extracted using cyber forensic technologies, which analyzed electronic codes
and data transfers.

Authentication of Digital Evidence:

Made certain that evidence such as phone records and software manipulations were
admissible in court.

Traceability: Helped trace unwanted access to systems and confirmed data breaches.

Avnish Bajaj v. State (NCT of Delhi), 2008 [24]

The case began after an indecent MMS was sold on [Link] (now eBay India). The CEO
was found accountable for the platform's failure to restrict the selling of explicit content.

Forensic role:
Digital forensic experts monitored the MMS transaction through payment gateways and user
accounts on [Link] to create a chain of custody for evidence.
Explicit MMS content was analyzed to verify its authenticity and source, indicating
unacceptable contents.
Forensics tracked the IP address of the person who uploaded the MMS, identifying the seller
and establishing the platform's participation in the transaction.

[24] Avnish bajaj v. state ( nct of delhi), 2005, 2008 Indlaw DEL 763, 2008 (150) DLT 769, 2008
[25] Haresh Dayaram Thakur v. State of Maharashtra, AIR 2000 SUPREME COURT 2281

Haresh Dayaram Thakur v. State of Maharashtra (2000) [25]

This case dealt with financial fraud, namely fake email correspondence and the exploitation
of electronic data.
Forensic role:
Forensic experts examined email information to identify fake communications. This includes
sender IP addresses, timestamps, and route information.
Data Recovery:
Forensic tools were used to recover deleted or hidden files associated with fraudulent actions.
Authenticated documents:
Documents were authenticated by examining digital signatures and timestamps to detect tampering.
Reviewing server and network logs helped identify illegal access points and the scope of the
intrusion.
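
The email examination described above (sender IP addresses, timestamps, and route information) can be sketched as follows. This is an added example, not taken from the case record or the original assignment: the message, domains and addresses are constructed, and the three checks are illustrative leads for an examiner rather than proof of forgery.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (documentation IP ranges and example domains).
SAMPLE = """\
Return-Path: <billing@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTPS id abc123;
\tMon, 03 Mar 2025 10:15:42 +0530
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 03 Mar 2025 10:15:40 +0530
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTPA id ghi789;
\tMon, 03 Mar 2025 10:21:05 +0530
From: "Accounts Dept" <accounts@bank.example>
To: clerk@recipient.example
Subject: Revised payment instructions
Date: Mon, 03 Mar 2025 09:02:11 +0530
Message-ID: <1@mailer.example.net>

Constructed body.
"""

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_hops(raw):
    """Return the Received hops oldest-first. Each server prepends its own
    header, so the list in the message is newest-first and must be reversed."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        route, _, stamp = flat.rpartition(";")  # timestamp follows the last ';'
        src, by = FROM_RE.search(route), BY_RE.search(route)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                         # malformed or missing timestamp
        hops.append({
            "from": src.group(1) if src else None,
            "ip": src.group(2) if src else None,
            "by": by.group(1) if by else None,
            "time": when,
        })
    hops.reverse()
    return hops


def find_anomalies(raw, max_skew=timedelta(hours=1)):
    """Flag inconsistencies worth following up. Hops below the first server the
    examiner controls are sender-supplied and may themselves be fabricated."""
    msg = message_from_string(raw)
    hops = [h for h in parse_hops(raw) if h["time"] is not None]
    findings = []
    for earlier, later in zip(hops, hops[1:]):
        if later["time"] < earlier["time"]:
            findings.append(
                f"timestamp goes backwards between {earlier['by']} and {later['by']}")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_domain and path_domain and from_domain != path_domain:
        findings.append(
            f"From domain {from_domain} differs from Return-Path domain {path_domain}")
    if hops and msg.get("Date"):
        claimed = parsedate_to_datetime(msg["Date"])
        if abs(hops[0]["time"] - claimed) > max_skew:
            findings.append("Date header is far from the first recorded hop")
    return findings


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop["time"], hop["ip"], "->", hop["by"])
    for finding in find_anomalies(SAMPLE):
        print("FLAG:", finding)
```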

NCT of Delhi v. Navjot Sandhu (Parliament Attack Case, 2005) [26]


This case included the infamous 2001 Parliament attack, for which the accused were charged
with conspiracy and terrorism under various laws, including the Prevention of Terrorism Act
(POTA).

Forensic Role:
Cyber forensics examined mobile call data to connect the accused to the crime. The
prosecution presented intercepted phone calls as evidence of the attack's preparation and
execution.
Telecommunications Analysis:
Cell tower data was used to locate suspects during and before the incident.
Experts retrieved call logs, proving communication among key conspirators.
The defense questioned the admissibility and accuracy of digital evidence. Forensic experts
made sure the chain of custody was maintained, validating the evidence's integrity.

Anwar P.V. vs. P.K. Basheer (2014) 27


This case concerned the admissibility of electronic evidence under Section 65B of the Indian
Evidence Act, 1872. The Supreme Court clarified the necessity for a certificate under Section
65B for electronic evidence to be admissible in court.

Forensic Role:
Digital forensics played a crucial role in certifying electronic evidence, including emails and
text messages, with the necessary Section 65B certificate.
Forensic tools verified the authenticity and integrity of electronic information submitted in
court, including audio recordings and papers.

26 NCT of Delhi v. Navjot Sandhu AIR 2005 11 SCC 600
27 Anwar P.V. vs. P.K. Basheer, AIR 2015 SUPREME COURT 180

Hafi Mohammed vs. State of Himachal Pradesh (2018) 28

This case addressed the conditions for electronic evidence admission under Section 65B of
the Indian Evidence Act. The court noted that a Section 65B certificate is required unless the
individual submitting the evidence is unable to give one, in which case alternative
admissibility may be considered.

Forensic Role:

The case emphasized the evolving role of digital forensics in addressing evidential issues,
particularly for data originating from third-party systems like CCTV footage or external
servers.
Forensics validated digital evidence, including video footage and recordings, to ensure it
matched legal and technological criteria for court use.

CONCLUSION

Digital and cyber forensics are critical in the present era of technology, addressing both
classic crimes with digital aspects and internet-specific crimes. While digital forensics offers
a larger arsenal for evaluating electronic evidence, cyber forensics focuses on internet-based
offenses. Legal regulations such as the IT Act and case laws such as Avnish Bajaj v. State
provide strong frameworks for evidence collection and prosecution, but technological
problems necessitate ongoing growth in forensic methods.

Forensics comprises a wide spectrum of scientific applications in criminal investigations,
with cyber and digital forensics serving as current branches. While cyber forensics focuses on
internet-related crimes, digital forensics offers a more comprehensive toolset for dealing with
all sorts of digital evidence. The provisions of the IT Act of 2000 and the Indian Evidence
Act of 1872 assure their admissibility and successful use in judicial systems, making them
important in today's digital era.

28 Hafi Mohammed vs. State of Himachal Pradesh AIR 2018, (Crl.)No.2302 of 2017
