Summary: Forensic science has always been about turning evidence into truth. Digital forensics does the same, only its sources are hard drives, mobile phones, cloud servers and databases rather than crime scenes. In India, this is no longer just good practice. Under the BSA 2023 and BNSS 2023, hash-verified digital evidence is now a statutory requirement for court admissibility.
Every investigation begins with a question: what actually happened? In the physical world, forensic science has spent over a century developing the methods to answer that. Fingerprints, ballistics and trace evidence are each built on one principle: evidence must be collected, preserved and proven intact.
The digital world operates by the same rules. The sources are different (hard drives, mobile phones, cloud servers, transaction logs), but the obligation is identical. Collect it correctly, preserve it completely and prove it was never compromised.
In India, this is no longer a matter of professional best practice. Forensically verified digital evidence is now a statutory requirement, and evidence that does not meet the standard is inadmissible. This is where a clear understanding of forensic science and digital forensics becomes essential.
What is Forensic Science?
Forensic science involves the application of scientific theories to matters of law, especially criminal investigations and legal disputes. Forensic science, at its most basic level, acts as a link between events and proof.
Evidence cannot speak for itself. In every branch of forensic science, evidence must be gathered through scientifically accepted and replicable methods that stand up under examination in court.
How Did Forensic Science Evolve, and Where Does Digital Forensics Fit In?
As a formal discipline, forensic science emerged in the late 19th and early 20th centuries. Its early methods were physical: fingerprinting, handwriting analysis, ballistics, blood typing and trace evidence from crime scenes.
The methods have evolved. The principles have not. Every step must be documented, every piece of evidence preserved and every finding independently replicable. As computers, mobile phones and the internet became the primary instruments of commerce, communication and crime, forensic science had to follow.
By the 1990s, the pattern was undeniable. Crimes were being planned over email, assets concealed in digital ledgers and evidence that left no trace at any physical crime scene resided entirely on hard drives and servers. Digital forensics emerged to meet that reality, applying the same established methodology of forensic science to digital sources.
What Does ‘Digital Forensics’ Mean, and What Are Its Types?
Digital forensics involves applying scientific procedures to the identification, collection, preservation and analysis of digital evidence without compromising its integrity at any stage of the process.
Integrity at every step is the operative principle.
A forensic investigation has to achieve two goals:
- generate accurate findings; and
- prove that the evidence remained uncompromised.
Standard IT investigation and data recovery have one purpose: retrieve the data. Digital forensics goes further. It must also prove that the data retrieved is exactly what was there at the point of acquisition, unaltered and intact. This obligation extends across every source of digital evidence, whether that is a computer, a mobile device, network infrastructure, cloud environments, databases or system memory. Each is a distinct branch of the discipline.
Types of Digital Forensics
Digital forensics is not a single discipline. It comprises several specialisations, each addressing a distinct source of digital evidence.
- Computer and Disk Forensics: examines hard drives, SSDs and storage devices for deleted files, hidden partitions and file system metadata.
- Mobile Device Forensics: extracts evidence from smartphones and tablets, covering deleted messages, application data, GPS history and call logs.
- Network Forensics: analyses traffic logs and packet captures to identify intrusions and data exfiltration.
- Cloud Forensics: investigates data held in third-party cloud environments, often complicated by jurisdictional boundaries and restricted access.
- Database Forensics: recovers and analyses transaction logs to surface records that were altered or deleted.
- Memory Forensics: examines a device's live RAM for running malware, encryption keys and processes that leave no trace on disk.
Where there is digital technology, there is digital evidence. And where there is digital evidence, there is a need for forensic discipline.
What Does India's Legal Framework Say About Digital Evidence?
The IT Act, 2000
The Information Technology Act 2000, amended substantially in 2008, remains the foundational statute for digital investigations in India.
The Act:
- defines what constitutes an electronic record;
- establishes CERT-In as the national cybersecurity agency;
- sets out offences ranging from hacking and identity theft to cyber terrorism; and
- empowers law enforcement officers to search and seize digital devices.
The Bharatiya Sakshya Adhiniyam (BSA) 2023
The BSA 2023 replaced the Indian Evidence Act 1872 and introduced two changes with direct implications for legal, compliance and IT teams across India.
First, electronic records are primary evidence, not secondary. Previously, a digital document was treated as a copy requiring special certification for court admission. Under the BSA, it holds the same evidentiary status as a physical document.
Second, Section 63(4) of the BSA requires that the certificate for admitting electronic evidence must specify the hash value of the file and the algorithm used.
What Is a Hash Value?
A hash value is a unique digital fingerprint of a file or dataset. It is generated by running the data through an algorithm such as SHA-256, which produces a fixed-length string of characters unique to that data.
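As an added illustration (not part of the original article and not Stellar's software), the Python example below hashes an evidence file at acquisition and re-verifies it later, showing that a single changed byte alters every digest. The record layout, function names and sample file are assumptions made for the example, not the Section 63(4) certificate format.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha256", "sha512")  # the algorithms named in this article

def hash_evidence(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: never write to the evidence
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def acquisition_record(path):
    """Hypothetical record layout: file name, size and one digest per algorithm."""
    return {"file": os.path.basename(path),
            "size_bytes": os.path.getsize(path),
            "hashes": hash_evidence(path)}

def verify_evidence(path, record):
    """Re-hash the file and list the algorithms whose digest no longer matches."""
    current = hash_evidence(path, tuple(record["hashes"]))
    return [alg for alg, expected in record["hashes"].items()
            if not hmac.compare_digest(current[alg], expected)]

def demo():
    """Constructed sample: a 3 MiB stand-in image, then one overwritten byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "sample_image.dd")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * (3 * 1024 * 1024))
        record = acquisition_record(image)
        intact = verify_evidence(image, record)   # no mismatches expected
        with open(image, "r+b") as fh:            # simulate an alteration
            fh.seek(1_500_000)
            fh.write(b"\x01")                     # file size stays the same
        altered = verify_evidence(image, record)  # every digest now differs
        return record, intact, altered

if __name__ == "__main__":
    record, intact, altered = demo()
    print("SHA-256 at acquisition:", record["hashes"]["sha256"])
    print("mismatches before change:", intact)
    print("mismatches after change: ", altered)
```

The file size is identical before and after the change, which is why a size or timestamp check alone cannot stand in for the hash comparison.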
The BNSS 2023
The BNSS 2023 embedded forensic obligations directly into the investigation process.
- Section 105 requires search and seizure to be video-recorded and uploaded to the government's e-Sakshya portal. Courts have rejected evidence in cases where this was not done.
- Section 176(3) mandates the presence of a forensic expert at the scene for offences carrying a sentence of seven years or more. The expert must video-record the entire collection process.
- Section 193(3) requires the police charge sheet to document the chain of custody for every electronic device seized. Chain of custody is no longer best practice. It is a statutory requirement.
Where Is Digital Forensics Making an Impact in India?
From corporate boardrooms to criminal courts, digital forensics is shaping how India investigates, litigates and enforces.
- Corporate Fraud and IP Theft: PwC's 2024 India survey found 59% of Indian organisations experienced economic crime in the prior two years, 18 percentage points above the global average. Digital forensics converts suspicion into admissible evidence, supporting termination, civil recovery or criminal complaint.
- Banking & Fintech Fraud: The RBI's Annual Report 2023-24 recorded a 166% jump in bank fraud cases in FY24, with digital payment fraud rising by over 400%. Forensic analysis of transaction logs and device data is now standard practice in financial crime investigations.
- Cybersecurity Incident Response: When a breach occurs, digital forensics answers the questions regulators and insurers demand, specifically how the attackers got in and what data they accessed or exfiltrated.
- Litigation and eDiscovery: Under BSA 2023, electronic records are primary evidence. No commercial dispute or arbitration can treat them otherwise. Forensic preservation determines whether that evidence is admissible.
- Employee Misconduct: Whether the matter involves data exfiltration or a Prevention of Sexual Harassment (POSH) complaint, forensically preserved WhatsApp chats, email archives and access logs give HR and legal teams the evidence needed to substantiate decisions to terminate or prosecute.
Stellar Digital Forensics: Meeting the Demands of Digital Forensics in India
Stellar Forensics: Built for India's Digital Forensics Standard
Stellar's Digital Forensics practice combines capabilities that few providers in India can match.
Our forensic work is grounded in deep knowledge of storage media, file systems and data structures, well beyond surface-level investigation.
Our capabilities span:
- Digital forensics software purpose-built for evidence acquisition, analysis and reporting.
  - Our Forensic Toolkit covers computer forensics, mobile forensics and Windows backup extraction in a single environment.
  - Verified forensic images are created from physical drives and logical volumes; existing disk images and memory dumps are loaded and analysed, with hash verification run across MD5, SHA-256 and SHA-512.
  - Intelligent file search, tagging and keyword retrieval are built in.
  - For seized Windows machines, the Toolkit handles backup extraction and password recovery without requiring the original system software.
- Digital Forensics services for corporate investigations, incident response, litigation support and regulatory matters.
- Damaged media forensic lab with Class 100 clean room capability, enabling evidence recovery from physically compromised devices that other labs cannot handle.
- Advanced forensic training for legal, compliance and law enforcement professionals.
All our digital forensic processes are aligned to NIST SP 800-86, ISO/IEC 27037, ACPO principles and the BSA 2023 Section 63(4) certificate requirements. Every investigation produces SHA-256 hash-verified evidence with a documented chain of custody designed to meet the BNSS Section 193 standard.
For Indian organisations facing a fraud, breach or dispute, Stellar delivers both the technical investigation and the legally defensible documentation that India's new evidence framework demands.
Getting Digital Forensics Right: Why It Matters and Who Can Help
Most organisations only think about digital forensics when something has already gone wrong. By then, the window for proper evidence preservation is often closing. India's legal framework under BSA 2023 and BNSS 2023 has made the stakes clear. The right evidence, handled the right way, is what determines whether a case holds up.
Stellar's forensic team works at the level that investigations demand. Deep knowledge of storage media, file systems and data structures. A damaged media lab that handles what other labs cannot. Training programmes that have put forensic understanding into the hands of legal, compliance and law enforcement professionals across India. This is not a general IT service with forensics bolted on. It is a practice built around one standard: evidence that holds up.
If digital evidence is involved in your matter, the time to act is now.
Every investigation has a starting point. Make sure yours is the right one. Call 1800 102 3232 or write to help@stellarinfo.com
FAQs
The two terms are often confused, but they are not the same. Digital forensics covers all types of electronic devices, both online and offline, while cyber forensics relates to networking and activities that take place on the internet. The majority of investigations require both.
Yes, but there are certain prerequisites that must be fulfilled. BSA 2023 Section 63 demands a Section 63(4) certificate indicating the hash value and hashing algorithm used, as well as an established chain of custody for the data. Failure to comply will render the evidence inadmissible.
First things first: halt, do not repair. Do not manipulate or power down any infected computer or system without the input of a forensic expert. Disconnect the computer or system from the network, secure all log files, and call for a forensic expert before your company's IT department makes any attempt at repairs.
No two investigations take the same amount of time to complete. The duration will depend on factors such as the number of systems involved, the volume of data and how complex the issue is. If it is one device and well-defined, then it may only take a few days.
Whenever there is any possibility that the data could be used as evidence in court or in arbitration, in an investigation, in a regulatory matter or even in a criminal prosecution, an internal approach poses a danger. Internal IT staff members have not been trained in securing data according to the NIST or ISO/IEC 27037 guidelines, and would undermine the chain of evidence.
About The Author
Digital Forensic Specialist & Analyst



