Wipro has hired a forensic firm to investigate the cyber attack on its system, which was recently reported by an industry website.[1] Cyber forensics laboratories and cyber forensics training facilities are being set up in 13 states and union territories to check crime rates against women.[2] In another case, a gang of Chinese fraudsters defrauded the Indian arm of the Italian company Tecnimont SpA of USD 18.6 million, which is considered to be one of the biggest cyber heists in the country.[3] These are just a few instances that showcase the need for improved digital forensics and cyber security in India. These days, criminals usually commit crime without involving any computing device. This makes the digital forensics examiner think about which types of criminals have the skill and ability to handle such digital evidence. In India, law enforcement agencies are adopting different methods for addressing the increasing load of digital evidence.

India is a democratic nation, but it still finds it very difficult to strike a balance between the legal and judicial systems. The law enforcement agencies are still reluctant to adopt new approaches for preventing cyber crime. This paper attempts to showcase the present scenario of digital forensics and cyber security in India and the difficulties being faced by the legal and police departments. It also gives a brief account of the trends and patterns of digital forensics and cyber security in India.

Research question

  1. What is digital forensics?
  2. Whether the acquiring of digital forensics by the investigation officer amounts to the breach of the right to privacy?
  3. Whether there are any established legal regimes for digital and Cyber forensics among nations?
  4. What are the possible solutions and suggestions for a better Digital and cyber forensics department in India?

  1. What is Digital Forensics?

It is the process of preserving, identifying, extracting, and documenting computer evidence that can be used in a court of law. It can also be termed the “science of finding evidence from digital media”. It helps the forensic team by providing the best techniques and tools to solve complex digital cases.[4]

Brief landmarks in the history of digital forensics –

The foundation of digital forensics was laid in the 1840s, when Hans Gross (1847-1915) became the first person to use scientific studies in criminal investigation. Later, in 1942, the FBI in the USA set up a forensic laboratory to offer forensic services to all local authorities. 1978 was the year when the first computer crime happened and the Florida Computer Crime Act came into force. The term Computer Forensics was used in the literature for the first time in 1992. This helped in the formation of the International Organisation on Computer Evidence (IOCE) in 1995. Digital forensics came to prominence in 2000 with the establishment of the first Regional Computer Forensic Laboratory by the FBI. All this resulted in the publication of the first book by the Scientific Working Group on Digital Evidence (SWGDE), called “Best Practices for Computer Forensics”, in 2002. In 2010, Simson Garfinkel incorporated digital evidence in forensic investigation processes.[5]

Steps of Digital Forensics –

  1. Identification – This is the first step in the process of digital forensics. It involves identifying the purpose of the investigation and the various resources required to complete it.
  2. Preservation – In this step, data is isolated and preserved so that it can be used for further investigation.
  3. Analysis – This step identifies the tools that can be used, processes the data preserved in the second stage of digital forensics, and then analyses that data.
  4. Documentation – It involves documentation of the crime scene, such as taking photographs, sketching and crime scene mapping.
  5. Presentation – This is the last step in the process of digital forensics; it summarizes and explains the conclusion of the digital forensics investigation.

Types of Digital Forensics –

  1. Disk Forensics – It extracts data from storage devices by searching active, modified and deleted files on the storage device.
  2. Network Forensics – It studies computer network traffic and collects digital and legal evidence.
  3. Wireless Forensics – It analyzes and collects data from wireless network traffic.
  4. Database Forensics – It studies and examines databases and their metadata.
  5. Malware Forensics – It studies the identification of malicious code, viruses and other payloads.
  6. Email Forensics – It studies the recovery of deleted and modified emails.
  7. Mobile phone Forensics – It is the examination and retrieval of call logs, deleted calls and other potential forensic evidence from the device.

Common examples of cases involving digital forensics are theft of intellectual property, bankruptcy investigations, forgery cases, industrial espionage, fraud investigations, blackmailing cases, pornography cases and various other crimes that involve digital media platforms.

2. What is cyber crime?

It is an unlawful action against any person or community using a computer, its systems and its online and offline applications. In this type of crime, information technology is used to commit and cover up offences. Mens rea is compulsory in this type of crime: if the action is unintentional, it will not fall within the ambit of cyber crime.[6] Some common examples of cyber crime are distribution of child pornography, accessing the dark web, software piracy, industrial spying, etc.

Some common types of cyber crime are as follows –

  • Hacking – It is unauthorized access to a computer system and network.
  • Spoofing – It is changing the identity of one computer or network and pretending that it is some other computer or network.
  • Phishing – It is the act of getting confidential information from banks or other financial institutions by illegal means.

Common cyber crime tools which are used in digital forensics –

  1. Kali Linux – It is software that is maintained and funded by Offensive Security. It is specially designed software used in digital forensics and penetration testing.
  2. Ophcrack – It is used for cracking the hashes generated by Windows files, and it offers a secure GUI system that runs on multiple platforms.
  3. EnCase – It is a shared technology among various digital investigation products. It comes in various ranges which are designed for forensics, cybersecurity, and security analytics.

Scope of Digital forensics in Cyber crimes –

Until recent times, digital forensics used to cover crimes related to computer applications and software. But now, with its increasing popularity, social media is also becoming a place where crimes are happening at a fast pace. Forensic laboratories, along with developed technology, are helping in tracking criminals in very little time. For example, with the help of EnCase, forensic investigators can track the IP address and reach the culprit. Furthermore, ethical hackers can also help by accessing the computer systems of suspected criminals and gathering evidence.

Right to Privacy in Digital Forensics and Cyber Security

2. Whether the acquiring of digital forensics by the investigation officer amounts to the breach of right to privacy?

When it comes to the development of digital forensics in India, there is not even a single codified law that deals with this aspect of the forensic department. This may be because technology law is still in its nascent stage in India. There are no regulations governing digital forensics, so someone who wants to become a cyber forensic examiner simply has to complete a certified course on digital forensics after graduation. There is no organization that governs the profession of digital forensics in India. The primary use of digital forensics in India is to deliver justice and solve complicated cases, so it becomes very necessary to create a regulatory body that can check whether the people in this profession are actually qualified enough to perform this task. Most of the time, the court of law has to rely on data and evidence gathered from the investigation of digital media. This is because most people now have access to the internet, which is also increasing the number of crimes involving digital media. For example, if a girl is getting blackmailed on a messenger app, then the sole and most effective way of proving it in court will be to give evidence, which in such cases is, most of the time, in digital form.

The right to privacy is a fundamental right guaranteed under the Constitution of India. There is a possibility of privacy infringement when data in electronic form is given to a forensic science analyst. It is reasonable to consider that forensic investigators should have the right to access everything that can be helpful in tracking down the culprit. But most of the time, the investigator takes not only the required information but also confidential information that is not needed for the case, and uses it for other purposes. So the risk of privacy being exploited is always there in a digital forensics investigation. This is similar to the controversial Aadhar Card case, in which the UIDAI used to collect all the information from the citizens of India on behalf of the government. In such cases, if any unauthorized person gets access to a PIN, password, username or other such information because of the forensic science analyst, it will not be difficult for them to manipulate the account and use it for illegal purposes. So, in a way, we can say that if forensic investigators get access to confidential information that is not required for the case in hand, it should fall within the ambit of a breach of the right to privacy.

There is a need for a regulatory organization in India that can come up with a code of conduct and give certifications to forensic investigators. In a country like India, the government has access to all the necessary details of individuals in the Aadhar Card records and PAN card records. If the government hires an agency and submits all these records to that agency, there is a high chance of that personal information being misused and sold to third parties. India doesn’t even have data protection laws, and in such a case it will not be easy for a person to claim their rights and get justice. So, in a country like India, it is very important that the government introduce a code of conduct for the professionals who handle this sensitive personal information. This code of conduct can also make provisions for breaches of the right to privacy of individuals whose lives can be affected by the confidential information. There are already established international organizations that regulate digital forensics. The Indian government and forensic science department can adopt the code of conduct of those organizations. It will help in a speedy investigation process. One such organization that the Indian forensic department can adopt is “The International Society of Forensic Computer Examiners” (ISFCE). It is the most reputed organization in the field of computer forensics. In order to be a qualified forensic investigator, one needs to pass the examination and get a certificate from the organization. Its certification is recognized in most parts of the world.

In the landmark case of United States v. Ivanov[7], the court addressed computer crimes performed by internet users who were outside the United States and did not fall within the ambit of the American court’s jurisdiction. Some users gained unauthorized access to US servers from Russia. The investigation officer of the US used the court’s order to authorize remote access to the Russian server, which led to the imprisonment of Ivanov, without Ivanov’s consent. In response to the actions of the US investigating officers, Russian State security filed a criminal case for unauthorized illegal access without proper authority.

Cybercrime is systematically addressed in the 52-nation treaty of the Council of Europe’s convention on crime[8]. It is a multinational treaty that addresses the issue of cybercrime along with breach of the right to privacy. It tries to harmonize and balance the steps taken to gather digital forensic evidence in cybercrime cases with strong codes and regulations for protecting the privacy rights of individuals. The signatory nations provide a common ground of laws, principles, and procedures, along with aiding international cooperation in the investigation of international cybercrimes. The treaty’s sui generis protection relating to information technology provides for criminal penalties in five categories –

  1. Accessing a computer without authorization or using it in excess of authorization.
  2. Blocking data without authorization.
  3. Interfering with the data without permission.
  4. Interfering with the system without any authority or permission.
  5. Misusing devices.

In addition to the above treaty, there are other bilateral treaties which protect the rights of individuals in cases of cyber forensics. Also, the framework of the United States-India Cyber Relationship gives detailed cooperative, investigative and security principles which are consistent with various national and international responsibilities.[9]

A comparative review of legal regimes of Cyber Forensics among nations

Whether there are any established legal regimes for digital and Cyber forensics among nations?

Municipal laws reflect different notions of the rights of states and the need for public security, and of balancing these against the security of private individuals. Comparing municipal laws can help in adopting better digital cyber forensic practices and avoiding failed attempts made by other nations. It can help in identifying the major challenges that are common to various states’ digital forensics practices.

  1. Hong Kong Special Administrative Region, China

It reflects the transformation of British common law into the laws of the People’s Republic of China. The academic circle and law enforcement agencies have focused on cybersecurity and digital forensics. Big data analytics has been used by private users and government organizations in China. They have a personal data privacy ordinance which is similar to that of the European Union.[10] It helps private data users to protect their digital content and digital data. The big data analytics of Hong Kong will impact the General Data Protection Regulation (GDPR) for EU citizens regardless of their locations. The Personal Data Privacy Ordinance aims to balance the data protection rules of Hong Kong and the EU. The law enforcement agencies of Hong Kong have established computer forensic labs, and they also publish reports on cyber forensics crimes.[11]

2. The Republic of Korea

South Korea collects its data about criminal justice from its own criminal justice portal. Korean University also launched the country’s first domestic digital forensic research center. Korea released its first digital evidence guidelines on cybercrime in 2006. They aim to identify common standard procedures for fighting cybercrime and improving forensic investigation.[12] Korea also has a large educated public with sound knowledge of their rights, unlike India. India can adopt strong cybersecurity laws from Korea. Korea has very strong hacking and data protection laws when compared to other nations of the world.

3. The United States of America

US constitutional law does not allow unreasonable state searches after the Fourth Amendment to the Constitution. The Supreme Court has held that, without strong and sufficient cause, searches and seizures of digital evidence are in violation of the law and also violate reasonable expectations of privacy. The federal cases, after analyzing digital forensic issues, found that the most common attacks are on the legality of digital forensic use.[13] Such unreasonable searches can lead to civil as well as criminal damages. So the judiciary of the USA takes the necessary steps to protect the privacy of its citizens and provides guidelines for digital forensic investigation.

As you can see, the above three countries have proper legislation governing cyber and digital forensics. Hong Kong has a personal data privacy ordinance, Korea has its own domestic forensic laboratory, and the United States also has digital forensic laboratories which are managed by the FBI. Further, the judiciary of these countries is really active when it comes to tackling the new problems that citizens are facing because of the crazy growth of the digital world. They are relating the concepts of privacy and reasonable search and seizure to digital forensic investigations. On the other hand, India is lagging behind in the active application of jurisprudence to digital forensics. Technology is still at a nascent stage, but India is also becoming a hub of cybercrime. Social media is becoming a tool for spreading rumors and creating riots among communities, innocents are getting blackmailed, forgery cases are happening, etc. All this makes it necessary for the legislature to come up with a strong code of conduct that will govern the working and process of digital forensics in India. The development of digital forensics in India can help in speedy trials and the delivery of justice. There are a lot of hackers out there who are using confidential data to commit fraud and manipulate innocent citizens. India also does not have any strong punishment for cyber crimes which can act as a deterrent.

Conclusion and Suggestion for developed digital forensic department in India

From my point of view, in a country like India, where the government is focusing on Digital India projects, there is an urgent need for legislation or a regulatory body that can ensure quality, conduct, and ethics in the digital forensics department of India. As mentioned in chapter III, India can adopt a code of ethics and regulations from various treaties like the 52-nation treaty, or establish organizations like the International Society of Forensic Computer Examiners. According to the Centre for Advanced Research in Digital Forensics and Cybersecurity, India is the third most vulnerable country for cyber threats. The Indian forensic department should establish more technologically updated labs which can be used for dedicated research and provide development facilities for digital forensics professionals. Law enforcement agencies should work together with these forensic organizations to keep digital and cyber crime at bay. Forensic professionals should be taught ethical hacking. It will help them to get acquainted with the little complexities of cybercrime. It can also help them find loopholes and come up with strong code to protect the data of private individuals and organizations in the cyber world. There should be continuous criminological and logical research for the identification of vulnerabilities and threats in the digital world. The forensic laboratories can educate young minds in various educational institutions and try to mitigate them. The law enforcement agencies should assist the digital forensic laboratories in developing according to global standards. They should deal with varied sets of data, research, surveys, trends, patterns, and various cyber threats; this can help them make informed decisions about cybersecurity and digital forensic needs. There should also be an introduction to the forensic science curriculum in law and engineering colleges in India.
There should also be a clear separation of crime investigation from law and order duties so that forensic investigation is not delayed because of not-so-necessary formal duties.


[1] Mendonca, J. (2019, April 17). Wipro hires forensic firm to probe cyberattack. Retrieved from https://economictimes.indiatimes.com/tech/ites/wipro-hires-forensic-firm-to-probe-cyberattack/articleshow/68915019.cms.

[2] The Economic Times. (2020). What is Insider Trading? Definition of Insider Trading, Insider Trading Meaning – The Economic Times. [online] Available at: https://economictimes.indiatimes.com/definition/insider-trading [Accessed 8 Jan. 2020].

[3] The Economic Times. (2020). The biggest digital scam – The Economic Times. [online] Available at: https://economictimes.indiatimes.com/definition/insider-trading [Accessed 8 Jan. 2020].

[4] Pam. (2018, March 21). What is Digital Forensics? Retrieved March 5, 2020, from https://www.computersciencedegreehub.com/faq/what-is-digital-forensics/.

[5] Pam, supra note 9.

[6] Guru 99, What is cybercrime? Types, Tools, examples. Retrieved March 5, 2020, from https://www.guru99.com/cybercrime-types-toolsexamples.html

[7] United States v. Ivanov, 175 F. Supp. 2d 367 (D. Conn. 2001).

[8] Full list. (n.d.). Retrieved March 6, 2020, from https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185

[9] U.S. Mission India. (2016, October 4). FACT SHEET: Framework for the U.S.-India Cyber Relationship. Retrieved March 6, 2020, from https://in.usembassy.gov/fact-sheet-framework-u-s-india-cyber-relationship

[10] Personal Data Privacy Ordinance of Hong Kong. Accessed from http://www.edb.gov.hk/attachment/en/sch-admin/admin/about-sch/personal-data-ordinace-cap486-note/privacy.

[11] Report, Inter-departmental Working Group on Computer Related Crime, Hong Kong. Accessed from https://www.infosec.gov.hk/english/ordinances/files/computerrelatedcrime_eng.pdf.

[12] Yoo, Y. (2006, November 17). Korea releases guidelines on cyber crime. Retrieved March 6, 2020, from https://www.zdnet.com/article/korea-releases-guidelines-on-cyber-crime/.

[13] The Department of Commerce Internet Policy Task Force & Digital Economy Leadership Team. (2017). Fostering the advancement of Internet of Things. Retrieved from https://www.ntia.doc.gov/files/ntia/publications/iot_green_paper_01122017.pdf.
