The document discusses a case - Dileep v. State of Kerala 2020. It addresses two questions: 1) Whether the contents of a memory card/pen drive submitted to court can be considered a document. The court held that electronic records are documents. 2) Whether providing cloned copies of such contents to the accused poses security risks. The court opined that while measures like expert assistance and watermarks could help, complete prevention of misuse is impossible. It decided not to provide cloned copies in this case.

1. Banerjee Rohit Sujit Ruby
Roll No. 7
Law of Evidence

2. Dileep v. State of Kerala 2020 (9) SCC 161 : AIR 2020 SC 1,
Hon'ble Judges A. M. Khanwilkar, Dinesh Maheshwari JJ.
Question : Whether the contents of the memory card/pen-drive submitted to the Court along with the police report
can be treated as document as such. Indubitably, if the contents of the memory card/pen-drive are not to be treated
as document, the question of furnishing the same to the accused by virtue of Section 207 read with Section 173 of the
1973 Code would not arise.?
Answer : held, video footage / clipping contained in such memory card / pen drive being an electronic record is a
"document" and cannot be regarded as a material object. In conclusion, we hold that the contents of the memory
card/pen drive being electronic record must be regarded as a document. If the prosecution is relying on the same,
ordinarily, the accused must be given a cloned copy thereof to enable him/her to present an effective defence during
the trial. However, in cases involving issues such as of privacy of the complainant/witness or his/her identity, the Court
may be justified in providing only inspection thereof to the accused and his/her lawyer or expert for presenting
effective defence during the trial.
Case Law

3. Dileep v. State of Kerala 2020 (9) SCC 161 : AIR 2020 SC 1,
Hon'ble Judges A. M. Khanwilkar, Dinesh Maheshwari JJ.
Question : Whether parting of the cloned copy of the contents of the memory card/pen-drive and handing it over to
the accused may be safe or is likely to be misused by the accused or any other person with or without the permission
of the accused concerned?
Answer : We are of the opinion that certain conditions need to be imposed in the fact situation of the present case.
However, the safeguards/conditions suggested by the appellant such as to take help of experts, to impose
watermarks on the respective cloned copies etc., may not be sufficient measure to completely rule out the possibility
of misuse thereof. In that, with the advancement of technology, it may be possible to breach even the security seals
incorporated in the concerned cloned copy. Besides, it will be well-nigh impossible to keep track of the misuse of the
cloned copy and its safe and secured custody.
Case Law (contd.)

4. What is Electronic Records or Evidence
According to Black’s Law Dictionary,
Evidence is “something that tends to prove or disprove the existence
of an alleged fact.”
Electronic evidence, may simply be defined as a piece of evidence
generated by some mechanical or electronic processes.
It inculcates but not restricted to emails, text documents,
spreadsheets, images, graphics, database files, deleted files, data
back-ups, located on floppy disks, zip disks, hard drives, tape drives,
CD-ROMs, PDAs, cellular phones , microfilms, pen recorders and
faxes etc.

5. Five Separate Foundations
1. Relevance.
2. Authenticity
3. Hearsay.
4. Best evidence
5. Probative value

6. 1) Identification
2) Collection
3) Preservation
4) Chain of custody :
5) Transportation & Storage
6) Reporting
7) Information= Stored + Sent + Received
Steps For Handling Digital Evidence

7. 1) Identification : To know the digital evidence
2) Acquire : logical backup, copy the directories & files of a logical volume, not to capture deleted files, physical backup,
i.e., disk imaging/ cloning/mirror image, Exhibit Computer. he Government hard disk is to be used to store the Image of
the exhibit HDD. By using Write Protection device, the original hard disk can be free from contamination, The original
should be exhibited.
3) Authenticate : If the hash value is justified, the duplicate is authentic. Hash value is an Alphanumeric number, it’s a
digital fingerprint. For the acquisition and verification of hash value, the software MD5 is replaced with SHA2 to calculate
hash value
4) Analyze : Extract, Process, Interpret
5) Document : Report should clearly list: software’s used and versions, contain hash results, all storage media numbers,
model make, supported by photographs.
6) Testimony : Expert Opinion
Six Stages Of The Cyber Forensic Process

8. 1) Failure to collect and preserve the electronic evidence
1) The electronic files which are part of „captured computer, devices or media are isolated in a sanitized environment.
2) The replica/mirror image of the hard disks of computers, which have been seized by the investigating authorities to be deposited with the court.
3) The Hon’ble Court may take an appropriate decision with regard to such replica/mirror image would also be supplied to the accused under s.207
of Cr.P.C.
2) Failure to label the electronic devices/media etc.
3) Failure to calculate the “hash” function or “hash” value of the collected electronic data.
4) Failure to record details of computer forensic examination(s) in the charge sheet may lead to discharge or even
acquittal of the accused
Common Investigation Mistakes

9. • Tools
• Copying the hard drive (imaging)
• Viewing the data
• Recovering data
• Passwords and encryption
• Chain of custody
• Standard of proof
Analysis of Digital Evidence

10. Difference between Primary & Secondary
Evidence
Primary Documentary
Electronic Evidence
• Nature :
1. Normal form, single
• Only in Soft Form
• Authentication - Hash value
Secondary Documentary
Electronic Evidence
• Nature :
1. the computer was used form, single
regularly to store or process
information
2. for the purposes of any activities
regularly carried on over the period
• It may be in Hard copy or Soft copy
• Certificate U/s 65B(4)

11. Admissibility of digital evidence, which amended the Indian Evidence Act 1872 (IEA), the Indian Penal Code, 1860 (IPC) and the Banker's Book Evidence Act 1891.
• electronic records - means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer-generated
microfiche;
• electronic form - means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro
fiche or similar device;
• information - includes data, text, images, sound, voice, codes, computer programmes, software and databases or micro film, or computer generated micro fiche.
• fact - means and includes:-
• (1) Anything, state of things, or relation of things, capable of being perceived by the senses;
• (2) Any mental condition of which any person is conscious.
• document - means any matter expressed or described upon any substance by means of letters, figures or marks, or by more than one of those means, intended to
be used, or which may be used, for the purpose of recording that matter.
• evidence - means and includes—
• (1) All statements which the Court permits or requires to be made before it by witnesses, in relation to matters of fact under inquiry, such statements are called oral evidence;
• (2) All documents including electronic records produced for the inspection of the Court, such documents are called documentary evidence.
New Perspective by Information Technology
Act 2000 (IT Act)

12. As per the Explanation to Section 79A of the IT Act, Electronic form of evidence
means any information of probative value that is either stored or transmitted in
electronic form and includes computer evidence, digital audio, digital video, cell
phones, digital fax machines.
Courts can thus permit the use of digital evidence such as e-mails, digital
photographs, word processing documents, instant message histories, spread
sheets, internet browser histories, data bases, contents of computer memory,
computer backup, secured electronic records and secured electronic signatures,
Global Positioning System tracks, Logs from a hotel’s electronic door, Digital video
or audio etc., during the course of trials of a civil or criminal case.
Electronic Evidence explanation as per
Section 79A of IT Act

13. A printout of entry or a copy of printout referred to in sub-section (8) of section 2 shall be accompanied by the following, namely:-
a) A certificate to the effect that it is a printout of such entry or a copy of such printout by the principal accountant or branch manager; and
b) A certificate by a person in-charge of computer system containing a brief description of the computer system and the particulars of –
A. The safeguards adopted by the system to ensure that data is entered or any other operation performed only by authorised persons;
B. The safeguards adopted to prevent and detect unauthorized change of data;
C. The safeguards available to retrieve data that is lost due to systemic failure or any other reasons.
D. The manner in which data is transferred from the system to removable media like floppies, discs, tapes or other electromagnetic data storage devices;
E. The mode of verification in order to ensure that data has been accurately transferred to such removable media;
F. The mode of identification of such data storage devices;
G. The arrangements for the storage and custody of such storage devices;
H. The safeguards to prevent and detect any tampering with the system; and
I. any other factor, which will vouch for the integrity and accuracy of the system
Banker’s Book Evidence Act 1891 Section 2A

14. → Computer Output → Conditions u/s 65B(2) are satisfied → shall
be admissible → without further proof or production of the original.
Electronic Record, these are:
• Data generation;
• Storage;
• Receiving.
• Sending;
Summary of sub-sections of Section 65B

15. In Arjun Panditrao Khotkar v/s Kailash Kushanrao Gorantyal & Ors.: Civil Appeals 20825-20826 of 2017, it
has been held that Words “doing ANY of the following things” must be read as “doing ALL of the following
things”. It is also held that the certifier should mention following details in the Section 65B(4) certificate ...
1. He identifies the Electronic Record – Section 65B(4)(a).
2. Describing the manner in which it was produced – Section 65B(4)(a);
OR
2. Gives particulars of the device involved in the production of the Electronic Record to show that the
Electronic Record was produced by a computer - Section 65B(4)(b).
3. Such Computer was used regularly - Section 65B(2)(a) r/w Section 65B(4)(c).
4. Information was regularly fed into the computer – Section 65B(2)(b) r/w Section 65B(4)(c).
5. The computer was operating properly or was not out of operation - Section 65B(2)(c) r/w Section
65B(4)(c).
6. Information fed into the computer in the ordinary course of the said activities - Section 65B(2)(d) r/w
Section 65B(4)(c).
Essential requirements & contents of the
Certificate issued under Section 65B(4)

16. Challenges
• Technological ignorance & complexities
• Experts’ opinion may still be overruled by judicial discretion
• Prohibitive cost of certification & tools
• New Digital Personal Data Protection Act (DPDP Act), 2023
• New Bharatiya Sakshya Sanhita (BSS), 2023
• Potential & required Information Technology Act Revision
• Artificial Intelligence, Machine Learning & Deep Fake

17. THANK
YOU