Role of Digital Forensics in Law

By: Ilakkiya Kamaraj


Technology as rapidly developed in the following decades. The invention of smart phones and the internet has made the lives of people much easier in this fast-moving world. But as once said by the great scientist Albert Einstein, “Technological progress is like an axe in the hands of a pathological criminal”. Though technological development acts as an advantage it also gives room for the criminals to come up with different types of cybercrimes. The computer-related crime rates relating to online theft, fraud, child pornography have been increased rapidly. Digital forensics helps to identify these crimes and put these activities in control. This paper concentrates on defining about the digital forensic, the growth of cyber crime and how it is controlled by digital forensics, the role of digital forensic in law and the acts taken by the Indian Government to control cyber crimes through digital forensics.

Digital forensics:

The process of identifying, preserving, extracting and documenting the computer shreds of evidence is referred to as digital forensics or digital forensics science. In short digital forensics means recovering data and the investigation of computer-related crimes or any other digital device. Digital forensic is a very important branch and it is equivalent to performing autopsy in crime scene. Digital forensics can be used to scrutinize all those devices that can store digital data. Digital devices include server, cell phones, computer and network. Most complicated digital-related cases can be solved through the best techniques of digital forensics.

Computer-related crimes were into practice from the year 1970’s itself. This crime was dealt with the existing laws. Later in the year 1915 scientific studies was used to do criminal investigations. But as there was vast technological growth over the decades the crime rate relating to technology also increased drastically. Crimes like happy slapping, cyber bullying, online theft and online predators, child pornography as became very common. Subsequently, many acts were also passed to keep a check on these crime rates. Usually, the forensic investigator uses several techniques to investigate which includes forensic data analysis, disk forensics, network forensics, wireless forensic, email forensic, mobile device forensics, database forensics, memory forensics and malware forensics.

Branches in digital forensics:

As digital devices include not only computer and extend to a mobile device, network, flash drives etc., Retrieving data from these devices is also necessary.

  • Computer forensics means retrieving data from computer and static memory like USB and embedded system.
  • To study the forensic database and their metadata one of the digital forensic branch called database forensics is used.
  • Analyzing and monitoring information and evidence from computer network either local or WAN is known as network forensics.
  • To analyze the pattern of fraudulent activities in the financial crime and to examine the structured data the forensic data analysis can be used.
  • Mobile forensics is also a branch in digital forensics. Recovering digital evidence like SMS or email from a mobile device is known as mobile forensics. The inbuilt communication system like GSM differentiates mobile forensics from computer forensics.

Digital forensics in law:

Digital forensics is applied in various sectors and private investigation. Both national and international legislation covers digital media. But it plays a dominant role in the field of law. This is because the Court of Law uses the pieces of evidence collected through investigation. This evidence is concerned with civil law or criminal law but habitually it is related to the criminal law. Digital forensics is also being used widely in the cases of intellectual property theft, employment disputes, bankruptcy investigation, fraud investigations etc., in recent years. Court of Law:

The evidence collected through investigations is used to uphold or decline a conjecture before the Court. These evidences are of different types which include real evidence, direct evidence, collaborative evidence, hearsay and circumstantial evidence. The Court prefers evidence to be more accurate, relevant and convincing. The collected evidence should be more vital so that its integrity is not questioned. In the cases involving IT secondary evidence documents are considered. Who, when and where the investigation was handled are some common elements concerned with evidence collecting.

Merits of digital forensics in law:

  • Digital forensics can be used as evidence in the Court of Law. With the evidence collected the identification of the culprit becomes much easier.
  • Evidence can be extracted even from the deleted files and partitions through data acquisition and duplication. It helps the investigator in recovering and preserving digital devices related materials.
  • Designing procedures make sure that the corruption of digital evidence is under control.
  • Identifying any malicious activity on the victim can be done very easily.
  • Preserving the evidence can be done for future references.

Steps involved in investigating process:

The person who is collecting evidence is known as a forensic investigator. An investigator while collecting evidence should make sure that the collected evidence is withstanding any legal proceedings. As we discussed earlier digital forensics is all about identifying, acquiring, preserving, analyzing and documenting of digital data. The following steps are followed by the forensic investigators to collect evidence which can be accomplished by the Court.

  1. Identifying:

The first and foremost step in collecting evidence is identification. The scope of the action must be identified before beginning any form of examination in the area of digital forensics. The process of searching and detecting digital evidence is done here. This process also includes what evidence is presented along with where and how it is stored. All the evidence used in the perpetration of crime must be examined by the digital evidence first responder.

In Krenar Lusha case in the year 2009 in the UK, in the investigation process, it came to know that Krenar has downloaded a manual of 4300gm to make explosives[1].

  1. Acquiring:

The process of collecting evidence is known as acquisition. These evidences are collected from electronic media like personal computers, PDAs, mobile phones etc., Investigators perform acquisition of data through the following four methods, disk to disk copy, disk to image file , logical disk to a disk file, sparse data copy of a file or folder.

  1. Preservation:

To prevent digital evidence from being changed or altering, the data should be isolated and should be preserved in a secured physical site. Preservation of digital evidence helps to reduce tampering of evidence. Criminal cases should be examined through the law imposed personnel for the reason for the preservation of evidence. The company officer performs this examination in civil cases.

  1. Analyzing:

Numerous reiteration of analysis takes place to support a crime theory. Based on the evidence found by the investigators a conclusion will be derived by reconstructing the events.

  1. Documenting:

Documenting is the key concept of digital forensics. Recreating of the crime scene is done in this process by documenting the crime scene in proper documentation. Photography, screen scene mapping and sketching can be done in documenting the crime scene for better understanding. At last, the collected documentation will be summarized and explained.

Many cases have been solved with the digital forensic process such as Matt baker case, larry Jo Thomas case, Rose Comptown case, Mikayla Munn case etc.,


Cybercrime is a computer-related criminal activity. It also includes other digital devices. Electronic evidence is defined as any information of probative value in electronic form, computer evidence, digital audio and video, cell phones, a digital fax machine that are stored or transmitted[2]. The cybercrime act is not only done by individuals, it is done through organizations too. Cybercrime includes theft of corporate data, financial data, email or internet fraud, invasion of privacy, cyber extortion, phishing, ransomware attacks, hacking, cyberespionage, spamming, cyberstalking etc., These crimes are identified with the help of digital forensics. Under the Information Technology Act, 4231 cybercrimes were recorded according to the National Crimes Record Bureau between the years 2009 to 2011.

Steps taken by the Indian Government:

To keep a check in the crime rate of digital-related crimes the Indian Government as enacted many acts which enables digital forensic to perform its duties with certain rights.

  • Under section 3 of the Evidence Act, 1872 the term ‘evidence’ was amended to ‘electronic evidence’ that can be accepted as evidence in the Court of Law[3].
  • In the case of Sanjay Kumar v State of Haryana[4], the appellant-accused was convicted under section 420, 426, 468, 471 of IPC and for Section 65 and 66 of Information and Technology Act, 2000 for tampering with computer sources document.
  • The respondents were punishable under section 67 of the Information Technology Act, 2000 and Section 6 of Indecent Representation of Women’s Act, 1968[5].
  • It was held that section 43(g) of the IT Act, 2000 is declared void which was invoked by the police[6].
  • In the case of SMC Pneumatics Pvt. Ltd .v. Jogesh Kwatra[7], the Delhi Court passed an important ex- parte injunction in India’s first defamation case assuming jurisdiction over the case over the matter where there was defamation passed through e-mails affecting the Corporate company’s reputation.


Thus digital forensics acts as a primary source to help in preventing cybercrimes by detecting it and acting as evidence in the Court of Law. Hence it plays a major role in the law field. It helps to identify cybercriminals and lead to punish them. It also leads other companies and organizations to protect their important information. There is no doubt that the improvement in digital technologies will increase further. Thus a well thought out strategy in digital forensics helps to prevent cybercrimes in future.




[1] Man Jailed Over Suicide Bomb Book, BBC NEWS, December 15, 2009,

[2] The Information Technology (Amendment) Act, 2008, Sec 70(a).

[3] The Indian Evidence Act, 1872, sec 3.

[4] CRR No. 65 of 2013.

[5] Fatima Riswana v State Rep., (2005) 1 S.C.C. 582.

[6] Sekar v The Principle General Manager, W.P No. 10208 of 2005.

[7] CS No. 1279 of 2001.