forensics assignment

The document discusses the rise of drug transactions facilitated by cyber forensics, highlighting the challenges posed by online drug trafficking and the use of cryptomarkets. It emphasizes the role of social media and encryption methods in enabling drug dealers to operate anonymously, complicating law enforcement efforts. Additionally, it outlines the legal framework surrounding digital evidence and the importance of cyber forensics in addressing cybercrime related to drug trafficking.

Uploaded by

rohit dhamija

HIMACHAL PRADESH NATIONAL LAW UNIVERSITY, SHIMLA

DISCIPLINE: FORENSIC SCIENCE

TOPIC: DRUGS TRANSACTIONS THROUGH CYBER FORENSICS

Submitted By:
Rohit Dhamija
B.A L.L.B (Hons)
9th Semester
Enrollment no. 1020202105

Submitted To:
Dr. Shaifali Dixit
Assistant Professor Law
Himachal Pradesh National Law University, Shimla

ACKNOWLEDGEMENT

I, Rohit Dhamija, would like to express my sincere gratitude towards Dr. Shaifali Dixit ma’am,
Assistant Professor Law, who always stood by us and helped me at every possible step of my
assignment, and without whose guidance I would not have completed my assignment
successfully. I would also like to sincerely thank Himachal Pradesh National Law University,
Shimla, and its faculty for guiding and encouraging me at every step of my assignment.

My friends also played an important role and assisted me with the insights they had. Last
but not the least, I bestow my heartfelt gratitude towards my parents and family members, whose
instant motivations kept me going throughout the assignment.

Rohit Dhamija

B.A L.L.B (hons)

9th Semester

DECLARATION BY THE STUDENT

I, Rohit Dhamija, the undersigned, solemnly declare that my project assignment is purely based on
my own work, which has been carried out during my study under the supervision of Dr. Shaifali
Dixit ma’am and also with the help of various online websites and research papers. I would
like to make clear that the whole assignment is typed by me in my own words after taking
help from the mentioned sources.

It is important to note that some plagiarism may be found, as I haven’t paraphrased the
assignment. I further certify that:

1. The work contained in the assignment is not purely original but has been done by my efforts and hard work.

2. The work is not submitted to any other organizations, journals, websites, etc.

3. I’ve followed the guidelines provided by the university in writing the assignment.

Rohit Dhamija

B.A L.L.B (Hons)

9th Semester

Table of Contents
INTRODUCTION
In its 2023 Annual Report, the International Narcotics Control Board finds that online drug trafficking has increased the availability of drugs on the illicit market
CYBER FORENSICS
Legal Framework Surrounding Digital Evidence
Cyber forensic methodologies encompass the following basic activities:
Tools and Technologies for Digital Evidence Collection
PROCEDURE IN CASES OF CYBERCRIME
ROLE OF INDIAN JUDICIARY
A UNIQUE METHOD FOR DIGITAL FORENSIC INTELLIGENCE FOR ILLICIT DRUG ANALYSIS IN FORENSIC INVESTIGATIONS
SUGGESTIONS
CONCLUSION
BIBLIOGRAPHY

INTRODUCTION

• "Drug trafficking is a global illicit trade involving the cultivation, manufacture, distribution, and sale of substances which are subject to drug prohibition laws," according to the United Nations Office on Drugs and Crime.¹ There are many different types of drugs, with cannabis being the most often used substance worldwide.² The next most sought-after and trafficked narcotics are cocaine, opiates, and amphetamine-type substances, or ATS.³ In 2014, the global share of this transnational crime was estimated to be between US$ 426 billion and US$ 652 billion. "Approximately 269 million people worldwide, or roughly 5.3 percent of the global population aged 15-64 years, used drugs in 2018," according to the World Drug Report 2020.⁴ The usage of opioid medicines increased by 30% in India between 2009 and 2018, according to a UN report.⁵ This is a severe problem for the country's future. India, the world's seventh-largest nation, borders seven other nations, some of which are included in the Golden Triangle and Golden Crescent.⁶ The Golden Triangle is made up of Burma (Myanmar), Thailand, and Laos, while the Golden Crescent is made up of Afghanistan, Pakistan, and Iran. These are important opium-producing regions of the world, and as such, they share a significant portion of India's economy. Because of this, the nation's borders are now where drug trafficking begins. The boundary between Pakistan and India is the most popular route used in India for the illicit trafficking of charas and heroin.⁷ The majority of heroin originates in western India from Afghanistan, while minor amounts of heroin and other opiates are illegally transported from Myanmar into eastern India.⁸

¹ J. Arsovska, P.A. Kostakos, Illicit arms trafficking and the limits of rational choice theory: the case of the
² Balkans, Trends Organ. Crime, 11 (2008), pp. 352-378, 10.1007/s12117-008-9052-y
³ M. Berry, Technology and organised crime in the smart city: an ethnographic study of the illicit drug trade, City, Territ. Archit., 5 (1) (2018), pp. 1-11, 10.1186/s40410-018-0091-7
⁴ M. Bouchard, C. Morselli, Opportunistic structures of organized crime, Oxf. Handb. Organ. Crime., 1 (2014), pp. 288-302, 10.1093/oxfordhb/9780199730445.013.015
⁵ Broadhurst, R., Lord, D., Maxim, D., Woodford-Smith, H., Johnston, C., Chung, H.W., Sabol, B. (2018). Malware trends on ‘darknet’ crypto-markets: Research review. Available at SSRN 3226758.

• Amidst the contemporary digital landscape, characterized by pervasive connectivity and the omnipresence of social media platforms, a troubling trend has surfaced: the proliferation of illicit drug trade and consumption facilitated through online chat groups. Drug cryptomarkets are a significant development in the recent history of illicit drug markets. Dealers and buyers can now finalize transactions with people they have never met, who could be located anywhere across the globe.
• The black market in drugs has been set up on anonymity systems that allow access to sites without IP identification, with purchases made anonymously in cryptocurrency or virtual currency. The usual system that allows anonymous access is called TOR (The Onion Router). Through it, users accessed the site “Silk Road”, known as the “eBay of drugs” or “Amazon of drugs”, where numerous illegal products, including illicit drugs, could be bought with virtual currencies, usually Bitcoin.
• Silk Road’s inception in February 2011 ushered in a novel era in illicit drug transactions. In the past, individuals who sought illicit drugs had to meet dealers in person to finalize transactions. Cryptomarkets, however, heralded a shift in this convention. These anonymous online markets, accessible exclusively via the darknet (Aldridge, 2019), enabled the purchase of both illicit drugs and other commodities, licit or not, without requiring personal contact with transaction partners. As a result, drug dealers could extend their businesses, dealing with people unknown to them and receiving anonymous cryptocurrency payments (Ouellet et al., 2022). This shift in drug dealing paradigms posed significant challenges to law enforcement authorities, given cryptomarkets’ potential to reshape the structure and scale of drug trafficking. Ordinarily, illicit drugs traverse multiple international borders before reaching their final consumers. Cryptomarkets, on the contrary, provide the means to streamline supply chains by sourcing directly from drug-producing countries, bypassing intermediaries. This model has the potential to boost the global reach of drug traffickers and heighten their profits.

⁶ J. Broséus, D. Rhumorbarbe, C. Mireault, V. Ouellette, F. Crispino, D. Décary-Hétu, Studying illicit drug trafficking on Darknet markets: structure and organisation from a Canadian perspective, Forensic Sci. Int., 264 (2016), pp. 7-14, 10.1016/j.forsciint.2016.02.045
⁷ J. Broséus, M. Morelato, M. Tahtouh, C. Roux, Forensic drug intelligence and the rise of cryptomarkets. Part I: studying the Australian virtual market, Forensic Sci. Int., 279 (2017), pp. 288-301, 10.1016/j.forsciint.2017.08.026
⁸ E. Brynjolfsson, M.D. Smith, Frictionless commerce? A comparison of Internet and conventional retailers, Manag. Sci., 46 (4) (2000), pp. 563-585, 10.1287/mnsc.46.4.563.12061

• Software applications such as “High There” in the United States, known as the “Tinder of marijuana”, and “Who is Happy” in Brazil, known as the “Foursquare of marijuana”, are so called for a reason. Tinder is an application for meeting people near the user for flirting purposes. “High There” is similar, the difference being that its members identify themselves on their profiles as marijuana users, which makes it convenient to find other users with whom they have more affinity. “Who is Happy” is compared to Foursquare because it is an application that locates nearby people on a map, in this case identifying people who are using marijuana nearby, on a similar platform.⁹
• This ease of installing applications that identify people and groups of friends who are drug users, combined with big data, i.e. the tracking of users' data, which will be explained in the next section, creates a vulnerability to malicious hackers seeking to attract people to the black market in drugs in cyberspace.
• The leading social network now in use is Facebook. Under its privacy policy, “through cookies”, and with notice of this use given to users that nonetheless goes unnoticed, it uses big data to track access in support of promotional marketing. Similar methods are used in Google AdSense, which tracks the sites accessed by Internet users in order to show advertisements for the products and services that interest them most.
• Such information can be extracted and manipulated by anyone who wants to promote a page or run marketing through Facebook, using private services that the site offers.
• As in the case of mobile software applications, explained in the previous section, an individual with malicious intent can request this data and direct its use towards the black market.

Online Drug Trafficking is a crime of selling, transporting, or illegally importing unlawful controlled substances, such as heroin, cocaine, marijuana, or other illegal drugs using electronic means.¹⁰

In its 2023 Annual Report, the International Narcotics Control Board finds that online drug trafficking has increased the availability of drugs on the illicit market¹¹

• The evolving landscape of online drug trafficking is presenting new challenges to drug control, says the International Narcotics Control Board (INCB) in its Annual Report. There are also opportunities to use the Internet for drug use prevention and treatment to safeguard people's health and welfare, the Board says.
• The increased availability of illicit drugs on the Internet, the exploitation by criminal groups of online platforms including social media, and the increased risk of overdose deaths due to the online presence of fentanyl and other synthetic opioids are some of the key challenges for drug control in the Internet era.

⁹ Guilherme Augusto Souza Godoy, The Drug Trafficking Inserted in Cyber Space – How Social Networks, Virtual Currencies, Big Data and Software Applications Influence It – An Analysis of the United Nations Organization Member, ISSN 2183-9522
¹⁰ Cybercrime.gov.in
¹¹ https://www.incb.org/incb/en/news/press-releases/2024/the-role-of-the-internet-in-drug-trafficking-and-drug-use-is-highlighted-in-the-international-narcotics-control-board-annual-report.html (last visited on Nov. 23, 2024)
• "We can see that drug trafficking is not just carried out on the dark web. Legitimate e-commerce platforms are being exploited by criminals too. We encourage governments to work with the private sector and INCB projects to prevent and detect trafficking of drugs and other dangerous substances online," said Jallal Toufiq, the President of INCB.
• Using social media and other online platforms means drug traffickers can advertise their products to large global audiences. Various conventional social media platforms are being used as local marketplaces and inappropriate content is widely accessible to children and adolescents.
• Encryption methods, anonymous browsing on the darknet and cryptocurrencies are commonly used to avoid detection, posing difficulties for prosecuting online trafficking offences. Offenders can move their activities to territories with less intensive law enforcement action or lighter sanctions or base themselves in countries where they can evade extradition. The sheer scale of online activity is an added complication. In one case in France, law enforcement authorities collected more than 120 million text messages from 60,000 mobile phones.
• Use of Darknet, Crypto-currencies and parcel/couriers for drug trafficking has been noticed. The Narcotics Control Bureau (NCB) has booked 92 cases involving Darknet and Crypto-currencies, whereas 1025 cases involving parcel/couriers have been reported by all Drug Law Enforcement Agencies during the years 2020-2024 (till April).

CYBER FORENSICS
• According to Steve Hailey, President of the Digital Forensics Certification Board (DFCB), computer forensics is "the preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, the integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceedings as to what was found."¹²
• In India, the trace of advancement in the field of cyber forensics can be seen after The Information Technology Act, 2000 (No. 21 of 2000)¹³ (IT Act) was introduced to provide legal recognition of electronic records as evidence. The IT Act instituted provisions in the Indian Evidence Act 1872¹⁴, which provide the legal framework for the cyber forensic investigation of cybercrime in India regarding the relevancy and admissibility of electronic evidence.
• Cyber forensics has been gaining importance with every passing day and with the increasing forms and manners of cybercrimes and litigations involving parties of a more significant institutional character.

¹² Albert J. Marcella, Jr. & Doug Menendez, CYBER FORENSICS: A FIELD MANUAL FOR COLLECTING, EXAMINING, AND PRESERVING EVIDENCE OF COMPUTER CRIMES 297 (2007).
¹³ The Information Technology Act, 2000
¹⁴ The Indian Evidence Act 1872

• The application of science to the identification, collection, examination, and analysis of data, while preserving the integrity of the information and maintaining a strict chain of custody for the data while adhering to the legal rules of evidence, is defined as cyber forensics.
• Different cybercrimes have been provided for under the I.T. Act, 2000; Indian Penal Code, 1860¹⁵; Narcotic Drugs and Psychotropic Substances Act, 1985¹⁶; Arms Act, 1959¹⁷ and other special laws. In 2000, Parliament enacted the Information Technology (I.T.) Act, 2000, which amended the existing Indian statutes to allow for the admissibility of digital evidence.

Legal Framework Surrounding Digital Evidence


• The legal framework surrounding digital evidence in drug trafficking encompasses various statutes and regulations governing the collection, preservation, and admissibility of such evidence in court. Digital evidence refers to any data stored or transmitted in binary form that can provide insights into criminal activity.

• Chain of Custody: This principle ensures that digital evidence is collected, handled, and stored in a manner that maintains its integrity and authenticity.
• Electronic evidence's legal recognition and admission have been provided in Section 3 of IEA.¹⁸ The conventional definition of documentary evidence now includes electronic records as well. The other parallel provision exists in Section 4 of the I.T. (Amendment) Act, 2008¹⁹, which allows matter in electronic form to be accepted and regarded as 'written' for legal purposes if the need arises. Thus, digital evidence is prima facie acceptable in the Indian courts of law.
• In a step further towards defining the scope of electronic evidence, it has been defined under Section 79A of the I.T. (Amendment) Act, 2008 as information of probative value that is either stored or transmitted in electronic form, and includes computer evidence, digital audio, digital video, cell phones and digital fax machines.²⁰
• The admissibility of electronic records is covered primarily under Section 65-B²¹ of IEA, which lays down several conditions for the same.
• There are two significant questions in cybercrime investigation, one regarding storage devices and the other being the reliability of digital evidence. Regarding the first question, the admissibility of storage devices, primarily computers, is important since all digital evidence needs to be secured, extracted, stored and preserved in a particular form. A cumulative reading of both provisions of the Indian Evidence Act 1872 indicates that the computer output of an original electronic record has been made admissible as evidence "without proof or production of the original record". Thus, the matter on computer printouts, floppy disks, and CDs becomes admissible as evidence.²²

¹⁵ The Indian Penal Code, 1860
¹⁶ The Narcotic Drugs and Psychotropic Substances Act, 1985
¹⁷ The Arms Act, 1959
¹⁸ The Indian Evidence Act, 1872, S. 3
¹⁹ The Information Technology (Amendment) Act, 2008, S. 4
²⁰ The Information Technology (Amendment) Act, 2008, S. 79A
²¹ The Indian Evidence Act, 1872, S. 65B

• With regard to the second question, clarification can be found in Section 79A of the I.T. (Amendment) Act, 2008, which empowers the Central government to appoint any department or agency of the Central or State government as Examiner of Electronic Evidence. This agency will play a crucial role in providing expert opinions on the electronic form of evidence. The question of recognition of digital evidence is officially settled under Indian law.²³ The scope of electronic evidence has been further widened by Section 79A of the I.T. Act.
• Digital forensics in investigations is a critical discipline that involves the recovery, preservation, and analysis of digital evidence related to drug trafficking. This process enables law enforcement agencies to uncover crucial information that can substantiate legal proceedings against individuals involved in illicit activities.
• In the realm of drug trafficking, the collection of digital evidence often begins with devices such as smartphones, computers, and cloud services. Forensic experts employ specialized techniques to retrieve deleted files, messages, and location data, which may reveal connections between suspects and criminal networks.
• Analyzing digital footprints involves sophisticated methods that track user behavior and digital interactions. By examining social media accounts, emails, and browsing history, investigators gain insights into the operational tactics of drug traffickers, helping to build comprehensive case profiles.
• Ensuring the integrity and preservation of evidence is paramount. Forensic protocols dictate that all recovered data is documented and stored in a manner that maintains its authenticity. This level of meticulous care ensures that digital evidence in drug trafficking cases can withstand legal scrutiny in court.

Cyber forensic methodologies encompass the following basic activities:


A. Collection:
• The collection phase involves identifying, labeling, recording, and acquiring data from potential sources while preserving the integrity of the data. This step is crucial as it ensures that the evidence is gathered in a manner that maintains its original state and prevents contamination or alteration. The collection process includes:
  - Identification: Locating relevant data sources such as computers, mobile devices, storage media, and network logs.
  - Labelling: Clearly marking each piece of evidence to maintain a chain of custody.
  - Recording: Documenting the condition and location of each piece of evidence.
  - Acquisition: Using forensic tools to create exact copies of data without altering the original evidence.

²² T. Vikram, Cyber Crimes - A Study with a Case, INDIAN POLICE JOURNAL 78 (2002).
²³ The Indian Evidence Act, 1872, S. 3

• Law enforcement agencies deploy specialized personnel to ensure that the collection process adheres to legal standards. They utilize protocols to prevent data alteration, ensuring the authenticity of the digital evidence in drug trafficking cases. Documentation and chain of custody are critically maintained throughout this process.
• Moreover, officers often collaborate with digital forensic experts for nuanced collection strategies. These experts employ various techniques to extract information from encrypted communications, social media interactions, and transaction records, which can provide insights into trafficking networks.
• By leveraging technological advancements, law enforcement can enhance the efficiency and effectiveness of the collection of digital evidence, ultimately aiding in the successful prosecution of drug-related crimes. Effective collection not only aids investigations but also strengthens the integrity of the evidence presented in court.

B. Preservation:
• The forensic expert should ensure that the initial evidence is not tampered with or damaged. Any experimentation should be carried out on a copy/image of the original. The copy should be compared with the original for any error/oddity.
• Maintaining the integrity and preservation of digital evidence in drug trafficking cases is vital for ensuring its reliability and admissibility in court. Digital evidence can easily become compromised through improper handling, leading to questions about its authenticity and value in investigations.
• To safeguard this evidence, law enforcement must follow established protocols that include secure acquisition methods and thorough documentation of each step in the evidence collection process. Employing techniques such as write-blocking during data extraction prevents any alteration of the original data, thereby preserving its integrity.
• Preserving the environment where digital evidence is stored is equally important. Evidence must be kept in controlled conditions to prevent degradation or loss. Regular audits and access control mechanisms help maintain an unbroken chain of custody, reinforcing the evidential value of digital information collected during investigations.
• By prioritizing integrity and preservation, law enforcement enhances the effectiveness of digital evidence in drug trafficking cases. This diligence not only supports successful prosecutions but also strengthens public trust in the justice system’s commitment to handling digital evidence with the utmost care.
• Location: There is a difference between evidence containers and real evidence. Before the investigation, the examiner should determine the evidence and its actual locations, i.e., where it is contained. Locating and identifying data and information can be challenging for any cyber forensic investigator. Processes like keyword searches, log file analyses and routine system checks facilitate the investigation at different stages.
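
The preservation steps above (work on a copy/image, compare the copy with the original, keep an auditable chain of custody) can be shown in a short script. This is an added example, not part of the original assignment or of any tool it names: the file names, the `CustodyLog` class and the sample data are constructed for illustration, and a plain file read stands in for acquisition through a hardware write blocker.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large images are never loaded into memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in streaming fashion."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image):
    """Copy source to image, hashing the bytes as they are read, then re-read the
    finished image and confirm it matches. The source is only opened for reading."""
    h = hashlib.sha256()
    # "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, 0o444)  # mark the image read-only once written
    source_digest = h.hexdigest()
    if sha256_file(image) != source_digest:
        raise ValueError("image does not match source; acquisition must be repeated")
    return source_digest


class CustodyLog:
    """Hypothetical hash-chained custody record: every entry stores the hash of the
    previous entry, so editing or deleting an earlier entry breaks the chain.
    The latest entry_hash should also be noted outside the log (e.g. on the
    signed evidence form), otherwise someone could rebuild the whole chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor, action, evidence_sha256, when=None):
        body = {
            "seq": len(self.entries),
            "time": when or datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "prev": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry = dict(body, entry_hash=self._digest(body))
        self.entries.append(entry)
        return entry

    def first_broken_entry(self):
        """Return the index of the first entry that fails verification, or None."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if (entry["prev"] != prev or body["seq"] != i
                    or self._digest(body) != entry["entry_hash"]):
                return i
            prev = entry["entry_hash"]
        return None


def demo():
    """Run the workflow on constructed sample data and report what was detected."""
    workdir = tempfile.mkdtemp(prefix="custody_demo_")
    try:
        source = os.path.join(workdir, "seized_media.bin")
        with open(source, "wb") as f:  # constructed stand-in for seized media
            f.write(b"CONSTRUCTED SAMPLE EVIDENCE\n" * 4096)
        image = os.path.join(workdir, "image.dd")
        working = os.path.join(workdir, "working_copy.dd")

        log = CustodyLog()
        digest = acquire_image(source, image)
        log.append("Examiner A", "acquired image from seized media", digest)
        shutil.copyfile(image, working)  # analysis happens on this copy only
        log.append("Examiner B", "created working copy", sha256_file(working))
        copy_matched = sha256_file(working) == digest
        log_intact = log.first_broken_entry() is None

        with open(working, "r+b") as f:  # simulate accidental alteration
            f.seek(10)
            f.write(b"X")
        altered_copy_detected = sha256_file(working) != digest

        log.entries[0]["actor"] = "Someone Else"  # simulate an edited record
        return {"copy_matched": copy_matched, "log_intact": log_intact,
                "altered_copy_detected": altered_copy_detected,
                "edited_entry": log.first_broken_entry()}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```
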

C. Examination

• The examination phase uses manual and automated methods to assess and extract data of particular interest while preserving the data's integrity. This phase focuses on:
  - Data Assessment: Evaluating the collected data to determine its relevance to the investigation.
  - Data Extraction: Extracting pertinent information using forensic software tools.
  - Data Preservation: Ensuring that the extracted data remains unchanged and is securely stored.

• Extraction: After identification, the most vital step is extracting the information from the evidence. Because the information is volatile, the digital investigator should extract it from a copy/image of the original evidence. Also, a backup should be taken at different stages of the investigation to ensure that no evidentiary information is lost.

D. Analysis

• The analysis phase involves using legally justifiable methods and techniques to derive useful information from the extracted data. This step includes:
  - Data Analysis: Interpreting the extracted data to uncover relevant information related to the investigation.
  - Pattern Recognition: Identifying patterns, anomalies, and correlations in the data.
  - Hypothesis Testing: Formulating and testing hypotheses based on the evidence.

• Interpretation: A primary role of the investigator throughout the investigation is also to interpret what he or she finds. The interpretation should be clear and stand on firm technical ground.
• Digital footprints refer to the trail of data individuals leave on the internet and digital devices. In drug trafficking investigations, analyzing these footprints provides critical insights into illicit activities. Various techniques assist law enforcement in uncovering connections, transactions, and communications relevant to ongoing cases.
• One prominent technique involves the use of metadata analysis. This includes examining timestamps, file sizes, and the origin of digital files. By evaluating this metadata, investigators can ascertain when and where certain actions took place, revealing potential patterns in drug trafficking operations.
• Another valuable approach is social network analysis (SNA). SNA allows investigators to map relationships among suspects, identifying key players and hidden connections within drug distribution networks. By visualizing these relationships, law enforcement can prioritize targets and tailor their investigative strategies effectively.
• Keyword analysis is also crucial. By utilizing specialized software, analysts can identify popular terms and phrases within communications, providing context to discussions regarding drug transactions. This method aids in establishing intent and corroborating findings with other digital evidence collected during the investigation.

E. Reporting

• The reporting phase involves documenting the findings and describing the actions taken during the investigation. The report should explain the tools and procedures used, determine what additional actions are needed, and recommend improvements. This phase includes:
  - Documentation: Creating a detailed report of the investigation process and findings.
  - Explanation: Clarifying how specific tools and methods were chosen and used.
  - Recommendations: Suggesting further forensic examinations, securing vulnerabilities, and improving security controls.
  - Policy Improvements: Proposing enhancements to policies, guidelines, procedures, and tools used in the forensic process.

• Documentation: From the initial investigation of the crime scene to the bagging and tagging and ultimate analysis of evidence, the investigator has to maintain a transparent documentation form. This may relate to the queries concerning the chain of custody as well.

Mobile Device Forensics:

• Mobile device forensics involves recovering digital evidence from mobile phones under forensically sound conditions using accepted methods. Mobile phones, especially those with advanced capabilities, are relatively new and not typically covered in classical computer forensics. Mobile devices vary in design and continually evolve as technologies improve and new ones are introduced. Understanding the components and organization of cell phones is essential for effectively dealing with them forensically.
• Mobile device forensics includes analyzing both SIM cards and phone memory, each requiring different procedures. Unlike computer forensics, mobile forensics deals with inbuilt communication systems (e.g., GSM) and proprietary storage mechanisms. Investigations often focus on simple data such as call logs and communications (SMS/Email) rather than in-depth recovery of deleted data.

Broad tests for evidence for electronic record

• After the evidence is collected, investigators perform general tests on it (utilizing both cyber forensics and generic forensics) to establish its authenticity and reliability: the investigator should verify the source of the evidence and verify that the evidence is reliable and intact, respectively, for it to be admissible in a court of law.

Tools and Technologies for Digital Evidence Collection²⁴
• Digital evidence collection involves using specialized tools and technologies to extract and preserve data for investigations into drug trafficking. These resources are crucial for obtaining accurate, reliable information from digital devices, which can include computers, mobile phones, and online accounts.
• Software for data recovery remains a fundamental component in this process. Tools such as EnCase and FTK (Forensic Toolkit) enable law enforcement to recover deleted files and analyze extensive data sets effectively, ensuring no relevant evidence is overlooked.
• Network analysis tools, like Wireshark and NetWitness, facilitate the examination of communication patterns and data flow across networks. These applications assist in uncovering how drug trafficking operations communicate and transact, offering vital insights into criminal networks.
• Mobile device forensics is another critical area of digital evidence collection. Tools such as Cellebrite and Oxygen Forensics allow investigators to gain access to content within mobile devices, including texts, images, and application data, which can hold significant relevance in drug trafficking cases.

Software for Data Recovery

 Software for data recovery is designed to retrieve lost, deleted, or inaccessible data from
digital devices. In the context of digital evidence in drug trafficking, this software is
pivotal for law enforcement agencies seeking to uncover crucial information that might
otherwise remain hidden.
 Popular data recovery software options include EnCase, FTK Imager, and Recuva.
These tools can recover files from damaged hard drives, deleted partitions, or even
reformatted storage devices, allowing investigators to piece together vital
communications and transaction records relevant to drug trafficking cases.
 Specific features of these tools enable forensic experts to recover data while
maintaining the integrity of the original evidence. This is critical to ensure that the
recovered information is admissible in court, reinforcing the validity of the
investigation.
 The use of such software enhances the effectiveness of digital forensics, enabling law
enforcement to compile comprehensive evidence through detailed recovery processes.
By leveraging advanced data recovery techniques, agencies can better combat the
complexities of drug trafficking in the digital age.

Challenges in Securing Digital Evidence

24 Justice Protectors, The Role of Digital Evidence in Combatting Drug Trafficking, available at:
https://justiceprotectors.com/digital-evidence-in-drug-trafficking/ (last visited on Nov. 23, 2024)

 The process of securing digital evidence in drug trafficking cases is fraught with
challenges. One significant issue is the rapid evolution of technology, which can
outpace the ability of law enforcement agencies to adapt their methods and tools for
evidence collection and analysis. As illicit networks exploit new platforms for
communication and transactions, traditional investigative techniques may become less
effective.
 Moreover, the sheer volume of data generated by digital devices complicates the task
of evidence retrieval. Investigators often face difficulties in identifying relevant
information amid terabytes of data. This makes it challenging to pinpoint critical
evidence that directly ties suspects to drug trafficking activities, resulting in time-
consuming processes.
 Cybersecurity threats also pose a considerable risk to the integrity of digital evidence.
If evidence is not secured properly, it can be tampered with or destroyed by malicious
actors, jeopardizing investigations and potential prosecutions. Ensuring the
preservation of digital evidence against such threats requires ongoing vigilance and
substantial resources.
 Legal hurdles further complicate the landscape of digital evidence in drug trafficking
cases. Variations in data privacy laws and regulations across jurisdictions can impede
the ability of law enforcement agencies to obtain, analyze, and present digital evidence
effectively in court.
 Privacy and Digital Forensics: The increasing use of digital forensics in drug
investigations raises privacy concerns. Accessing digital devices like phones and
computers can reveal a wealth of personal information unrelated to the case. Clear legal
guidelines and robust data protection measures are crucial to ensure only relevant
information is accessed and analyzed.

PROCEDURE IN CASES OF CYBERCRIME


 Reporting and investigating a case is quite a tedious process. Firstly, the crime is
reported: the aggrieved person approaches the police station, or the specialized cyber
cell if the department has one. The officer in charge examines the matter and collects
the information the case requires. If this shows that an act violates the I.T. Act 2000
and amounts to a cognizable offence, particulars such as the modus operandi, the time
and place of commission, and details of the targeted individuals or systems are
recorded.

 Secondly, a preliminary review of the crime scene is done for potential evidence that
may be secured, and pre-investigation is conducted, followed by serving notices for the
preservation of evidence to all affected persons. 25
 Thirdly, access to the incriminating devices or machines is restricted to prevent further
contamination or unnecessary loss. Evidence must be collected from the system,
whether it is powered on or off, as per Section 165 of the Code of Criminal
Procedure (CrPC)26 read with Section 80 of the I.T. Act 27.
 Fourthly, the chain of custody must not be broken or tampered with, and the expert
must take due care to ensure the integrity of the evidence, e.g. by the hashing method 28,
i.e. generating a value or values from a string of text using a mathematical
function.29 The officer in charge of the investigation should record this in the Digital
Evidence Collection Form, which contains the description of the whole process, the
tools used, the hash value acquired from the forensic images of evidence, and the hash
algorithm used in such processes.
 Fifthly, the documentation and collection of evidence by forensic imaging or storage in
another device like a compact disk, hard drive, or USB is followed by the packaging,
labelling, tagging, and updating of the evidence database.
 Sixthly, a court order can be sought to retain seized evidence, and it is sent for forensic
analysis. If the property owners approach the court for the release of the property, the
officer in charge should preferably return a copy of the forensic image of the seized
evidence, not the original.
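
The hashing and custody steps above, sketched as an added example that is not part of the original assignment or of the cited investigation manual. The form's field names, the constructed sample image and the hash-linked custody log are assumptions for illustration; the linked log goes beyond the text, which only says the form records the process, the tools used, the hash value and the hash algorithm.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in memory


def hash_image(path, algorithm="sha256"):
    """Stream a forensic image through the named hash; return the hex digest."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def seal_entry(entry, prev_seal):
    """Hash a custody entry together with the previous seal, linking the log."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_seal.encode() + body).hexdigest()


def add_custody_event(form, person, action):
    """Append a hand-over to the log; its seal covers every earlier entry."""
    log = form["custody_log"]
    entry = {"person": person, "action": action,
             "time": datetime.now(timezone.utc).isoformat()}
    prev = log[-1]["seal"] if log else form["image_hash"]
    log.append({**entry, "seal": seal_entry(entry, prev)})


def open_form(image_path, description, tool, officer, algorithm="sha256"):
    """Start the record: what was imaged, with which tool, hash and algorithm."""
    form = {"description": description, "tool_used": tool,
            "hash_algorithm": algorithm,
            "image_hash": hash_image(image_path, algorithm),
            "custody_log": []}
    add_custody_event(form, officer, "acquired forensic image")
    return form


def verify_image(form, path):
    """True only if the file still hashes to the value recorded at acquisition."""
    return hash_image(path, form["hash_algorithm"]) == form["image_hash"]


def verify_custody_log(form):
    """Return the index of the first entry whose seal fails, or None if intact.

    The seals are unkeyed, so the latest seal must also be written on the signed
    paper form; otherwise someone who edits the log can recompute every seal.
    """
    prev = form["image_hash"]
    for i, rec in enumerate(form["custody_log"]):
        entry = {k: v for k, v in rec.items() if k != "seal"}
        if seal_entry(entry, prev) != rec["seal"]:
            return i
        prev = rec["seal"]
    return None


def demo():
    """Walk the procedure on a constructed stand-in image (not real evidence)."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "exhibit_E1.img")
        with open(original, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE IMAGE\x00" * 4096)
        form = open_form(original, "Handset, exhibit E-1 (constructed)",
                         "imaging tool (placeholder)", "Investigating officer")
        working = os.path.join(tmp, "working_copy.img")
        shutil.copyfile(original, working)  # analysis and release use the copy
        add_custody_event(form, "Forensic examiner", "received working copy")
        copy_ok = verify_image(form, working)
        with open(working, "r+b") as fh:  # simulate one altered byte
            fh.seek(10)
            fh.write(b"X")
        altered_ok = verify_image(form, working)
        log_before = verify_custody_log(form)
        form["custody_log"][0]["person"] = "Someone else"  # simulate an edit
        log_after = verify_custody_log(form)
    return {"copy_ok": copy_ok, "altered_ok": altered_ok,
            "log_before": log_before, "log_after": log_after,
            "entries": len(form["custody_log"])}


if __name__ == "__main__":
    print(demo())
```

A single changed byte in the working copy makes `verify_image` fail, and an edited custody entry is reported by its position in the log.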

ROLE OF INDIAN JUDICIARY


 The Indian Judiciary has played a pivotal role in establishing frameworks for electronic
evidence admissibility, evolving through several landmark cases that progressively
refined the legal approach. This evolution reflects the judiciary's effort to balance
technological advancement with evidence reliability and legal certainty.
 The journey began with NCT of Delhi v. Navjot Sandhu30 (the Parliament Attack
Case) in 2005, where five terrorists attacked the Parliament House, leading to a
significant legal discourse on electronic evidence. The case centered on mobile phone
call records, and initially, the Supreme Court adopted a relatively lenient approach. It
held that cross-examination of a competent witness familiar with computer operations
was sufficient to prove the authenticity of call records under Section 65A of the Indian
Evidence Act. This judgment, while groundbreaking at the time, would later be
overturned in favor of more stringent requirements.

25 DATA SECURITY COUNCIL OF INDIA, Cyber Crime Investigation Manual, available at:
https://uppolice.gov.in/writereaddata/uploadedcontent/Web_Page/28_5_2014_17_4_36_Cyber_Crime_Investigation_Manual.pdf.
26 The Code of Criminal Procedure, 1973, S. 165
27 The Information Technology Act, 2000, S. 80
28 See, S. 3(2) Explanation, Information Technology Act, 2000
29 UNCITRAL Model Law on Electronic Signatures with Guide to Enactment, 2001.
30 NCT of Delhi v. Navjot Sandhu, (2005) 11 SCC 600.

 A significant shift came with Anvar P.V. v. P.K. Basheer31, which fundamentally
transformed the landscape of electronic evidence admissibility. The case, arising from
election propaganda recordings on compact disks, established several crucial
principles. Most notably, it made the certificate under Section 65B(4) mandatory for
electronic evidence. The court decisively ruled that secondary electronic data stored in
CDs, DVDs, or pen drives would be inadmissible without proper certification. This
judgment explicitly rejected both oral evidence and expert opinion as alternatives to
certification, establishing Section 65B as a non-obstante clause that overrode the
general provisions of Sections 63 and 65 of the Evidence Act.
 The implications of the Anvar P.V. judgment were particularly significant for
anti-corruption cases that heavily relied on audio-video recordings. The ruling emphasized
the necessity of preserving original recordings and established that CDs or DVDs
without proper certification could not serve as the sole basis for conviction. This strict
approach reflected the court's recognition of the susceptibility of electronic evidence to
tampering and manipulation.
 The principle was further reinforced in Harpal Singh @ Chhota v. State of Punjab32,
where the court dealt with computer-generated call details in a conspiracy to abduct
case. While the conviction was ultimately upheld on other grounds, the court firmly
rejected the electronic evidence presented without a Section 65B certificate,
demonstrating unwavering adherence to the Anvar P.V. principles.
 A temporary deviation occurred with Shafhi Mohammad v. State of HP33, which
concerned the admissibility of police videography of a crime scene. This judgment
briefly relaxed the certification requirements for parties not in control of the electronic
device and granted courts discretion to waive the requirement in the interest of justice.
However, this more flexible approach would prove short-lived.
 The current definitive position was established in Arjun Panditrao Khotkar34, an
election dispute involving video evidence of nomination filing. This landmark
judgment reasserted the mandatory nature of Section 65B certification, explicitly
overruling the relaxation permitted in Shafhi Mohammad. However, it introduced a
narrow exception based on the doctrine of impossibility, recognizing that in some cases,
obtaining a certificate might be genuinely impossible. Importantly, the court rejected
sworn statements as an alternative to certification, reinforcing the strict approach to
electronic evidence authentication.
 The contemporary legal framework requires either the production of the original
electronic record or a certified copy with a Section 65B certificate. This certificate must
comprehensively detail the computer output, production method, authenticity
verification, and device operational details. The framework emphasizes that electronic
evidence is particularly vulnerable to tampering, making authentication through
certification non-negotiable except in cases of genuine impossibility.

31 Anvar P.V. v. P.K. Basheer & Ors, (2014) 10 SCC 473.
32 Harpal Singh @ Chhota v. State of Punjab, (2017) 1 SCC 734.
33 Shafhi Mohammad v. State of Himachal Pradesh, (2018) 5 SCC 311.
34 Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal and others, (2020) 7 SCC 1.

 Practical implementation of this framework requires meticulous attention to timing and
procedure. Certificates must be obtained when documents are produced, original
recordings must be preserved, and even expert testimony alone is insufficient to
authenticate electronic evidence. The courts have consistently held that digital evidence
without proper certification is inadmissible, regardless of its apparent authenticity.
 This comprehensive framework represents the Indian judiciary's thoughtful response to
the challenges posed by electronic evidence in the modern legal system. It prioritizes
reliability and authenticity while acknowledging the practical challenges that may arise
in specific cases. The evolution of these principles demonstrates the judiciary's
commitment to maintaining the integrity of electronic evidence while adapting to
technological advancement and practical necessities.

A UNIQUE METHOD FOR DIGITAL FORENSIC INTELLIGENCE FOR ILLICIT DRUG ANALYSIS IN FORENSIC INVESTIGATIONS 35

 In forensic investigations, forensic intelligence is required for illicit drug profiling in
order to allow police officers and law enforcements to recognize crime developments
and adjust their actions. In the present paper, we propose a novel framework for Digital
Forensic Drug Intelligence (DFDI) by fusing digital forensic and drug profiling data
through intelligent cycles, where a targeted and iterative collection of evidence from
diverse sources is a core step in the process of drug profiling. Drug profiling data
combined with digital data from seized devices collected, examined, and analyzed will
allow authorities to generate valuable information about illicit drug trafficking routes
and manufacturing. Such data can be stored in seized illicit drug databases to build in
an intelligent way, all findings, hypotheses and recommendations, allowing law
enforcement to make decisions. Our framework will potentially provide a better
understanding of profiling, trafficking and distribution of illicit drugs.
 In case of illicit drug seizures, some seized evidence includes digital evidence items
such as mobile phones, computers, hard drives, flash drives, memory cards, cloud
sources, etc., which can be identified and preserved while maintaining the chain of
custody of physical and digital artifacts. Following a legal authorization for initial
collection, digital evidence items are examined to extract data via the application of
several digital forensic tools. As a result, numerous manageable forms of data are
obtained throughout the examination phase. These include filtering techniques, pattern
matching and hidden data extraction. Frequently, examining illicit drug cases will spot
other digital evidence such as contact lists, social media communications, internet-
browsing records, SMS, photos, videos, voice messages, bank transactions, geolocation
shares, etc. After examination, analysis of extracted information is realized through

35 Hachem M, Mizouni R, Alawadhi IM, Altamimi MJ. Digital forensic intelligence for illicit drug analysis in
forensic investigations. iScience. 2023 Sep 22;26(10):108023. doi: 10.1016/j.isci.2023.108023. PMID: 37860773;
PMCID: PMC10582396.

relational, functional or temporal analysis. Practically, forensic experts rely on multiple
data visualization tools to facilitate the analysis of structured and unstructured data.
Cellebrite Pathfinder and Oxygen are examples of common tools that allow data
visualization by implementing artificial intelligence (AI), data mining and machine
learning.45,46 At this stage, the profile findings of illicit drugs will be inserted to
discover the connections of events, locations, and relationships in order to compare and
correlate between different suspects from a single or different case with multiple
evidence items. Furthermore, analyzing these data allows the reconstruction of past
events and predicts plausible outcomes and crimes connected to illicit drugs. Moreover,
identification and tracking of criminals involved in illicit drug manufacturing and
trafficking are possible through chasing digital money trails. The final step of digital
forensic investigation is presenting where digital data should be reported. This report
must include the extracted information related to the identification of the drugs’ country
of origin (photos, videos, SMS, etc.), the clandestine laboratory where these drugs were
synthesized, and the methodology followed for drugs preparation in case recipes or
photos are found in digital devices. Additionally, people involved in the drug supply
chain, including the producer, trafficker, distributor, supplier, and user, can be
identified through digital forensic investigation. In parallel to digital forensic
investigation, drug profiling is conducted where an initial collection step allows the
classification of drugs of abuse based on their physical and chemical characteristics.
Next, the visual examination of drug samples focuses on significant drug seizures
and/or clandestine laboratory cases. Following, the instrumental analysis of drugs of
abuse, as previously explained, is used to categorize each drug into multiple types
depending on drugs’ content. This step will be followed by a fusion of data reported
from digital forensic investigation with those conveyed from drug profiling and external
resources. Certainly, this fusion consists of validating data based on drug profiling and
re-evaluating data established on fusion with external databases. Furthermore, this step
opens the door to a deeper analysis of linked data and conveys more insights into a
global context. Findings further trigger a targeted data collection based on identified
events. Additionally, an iterative approach of analysis refinement cycles might be
conducted where the suspect data are re-examined and evaluated for other elements.
The last step consists of evidence generation and presentations, including a summary
of key results (digital and drug profiling), a comprehensive report and a factual basis
for conclusions. At an international level, different countries adopt diverse processes
for evidence generation and presentation. Therefore, we suggest that each country
applies its rules and constraints for the last step's execution. Finally, a decisive conclusion
can be achieved based on the framework we are suggesting through establishing a link
between the hypothesized and real data.

SUGGESTIONS

 Legislative Updates: There is a continuous effort to revise and update existing laws to
keep pace with technological advancements. This includes the creation of
comprehensive guidelines for handling digital evidence and the establishment of
standardized protocols for conducting cyber forensic investigations, ensuring that legal
frameworks remain effective in the digital age.
 Technical Infrastructure: Investments are being made in advanced forensic tools and
technologies to enhance investigative capabilities. This also includes the development
of secure systems for evidence storage and management, along with the implementation
of standardized documentation procedures to maintain the integrity and reliability of
digital evidence.
 Capacity Building: Regular training programs are being conducted for law
enforcement personnel to enhance their skills in cyber forensics. Collaboration with
technical experts and academic institutions is encouraged to stay updated on emerging
trends, while specialized cyber forensic units are being developed to handle complex
cases involving digital evidence.
 International Cooperation: Efforts are being made to establish cross-border
information-sharing mechanisms and harmonize digital evidence collection procedures.
The development of mutual assistance protocols is also a priority to ensure efficient
cooperation between countries in investigating cyber crimes and handling digital
evidence.
 Advanced Machine Learning Techniques: Explore advanced machine learning
algorithms, such as deep learning and natural language processing (NLP), to enhance
the detection and classification of suspicious cryptocurrency transactions associated
with drug trafficking on the darknet. Develop models capable of analyzing unstructured
data sources, such as transaction memos and blockchain comments, for deeper insights
into illicit activities.
 Real-Time Monitoring Systems: Develop real-time monitoring systems capable of
continuously analyzing cryptocurrency transactions and detecting anomalies indicative
of drug trafficking activities on the darknet. Implement alert mechanisms to notify law
enforcement agencies and regulatory bodies of suspicious transactions promptly,
enabling timely intervention and disruption of illicit networks.
 Enhanced Collaboration and Information Sharing: Strengthen collaboration and
information-sharing mechanisms among law enforcement agencies, regulatory bodies,
and cryptocurrency exchanges to facilitate the exchange of intelligence and coordinate
efforts in combating drug trafficking on the darknet. Establish secure communication
channels and platforms for sharing sensitive information while ensuring compliance
with data protection regulations.
 Blockchain Forensics Tools: Invest in the development and deployment of specialized
blockchain forensics tools and software solutions tailored to the needs of law
enforcement agencies and regulatory authorities. These tools should provide advanced
analytics capabilities, visualization features, and forensic techniques for conducting
comprehensive investigations into cryptocurrency-related illicit activities.

 Public Awareness and Education: Launch public awareness campaigns and
educational initiatives to raise awareness about the risks associated with cryptocurrency
transactions and the role of cryptocurrencies in facilitating drug trafficking on the
darknet. Educate individuals, businesses, and financial institutions on best practices for
identifying and reporting suspicious transactions, enhancing collective efforts in
combating illicit activities.
 Policy Development and Regulatory Frameworks: Advocate for the development of
robust policy frameworks and regulatory measures to address the challenges posed by
cryptocurrency-related illicit activities, including drug trafficking on the darknet. Work
closely with policymakers, industry stakeholders, and international partners to
formulate effective strategies for mitigating risks and ensuring compliance with
regulatory requirements.
 Cross-Border Collaboration: Strengthen cross-border collaboration and international
cooperation in combating drug trafficking and cryptocurrency-related illicit activities.
Foster partnerships with international law enforcement agencies, regulatory bodies, and
cybersecurity organizations to share intelligence, coordinate investigations, and disrupt
transnational criminal networks operating on the darknet.
 Research and Innovation: Invest in research and innovation initiatives aimed at
advancing technology-driven solutions for combating drug trafficking and illicit
activities facilitated by cryptocurrencies. Support interdisciplinary research projects
that bring together experts from various fields, including cybersecurity, criminology,
economics, and data science, to address complex challenges and develop innovative
approaches for enhancing security and integrity in the digital environment.

CONCLUSION
 The evolution of digital technology has fundamentally transformed both criminal
activities and law enforcement methodologies, placing cyber forensics at the forefront
of modern criminal investigation. This comprehensive analysis reveals several critical
observations and conclusions regarding the current state and future trajectory of digital
forensics in law enforcement.
 First and foremost, cyber forensic tools have emerged as indispensable instruments in
criminal investigations, significantly contributing to improved conviction rates. The
admissibility of electronic/digital evidence collected through these tools has become
increasingly crucial in legal proceedings, though the legislative framework continues
to lag behind technological advancements. This gap between technological progress
and legal adaptation presents a significant challenge that needs to be addressed through
systematic legal reforms and updates.
 The role of digital forensics in the criminal justice system is projected to expand
significantly, particularly as society becomes increasingly digitized. This evolution
necessitates a dual approach: enhancing the technical capabilities of forensic tools while
simultaneously developing the legal framework to accommodate these advancements.
The acceptance and understanding of digital forensics within the criminal justice system

are gradually improving, leading to more effective utilization of digital evidence in
solving crimes and securing convictions.
 In the context of specific challenges like drug trafficking, digital evidence has become
pivotal in dismantling criminal networks. The success of such investigations relies
heavily on:
- Integration of advanced analytical tools and intelligence gathering
- Establishment of partnerships with cybersecurity experts
- Continuous training of law enforcement personnel
- Implementation of robust evidence management practices
- Enhanced cross-jurisdictional information sharing
 However, the current state of cyber forensics in India reveals several areas requiring
immediate attention. The field remains in its nascent stage, necessitating:
- Systematic development of effective practices
- Regular updates to regulatory frameworks
- Enhanced public awareness campaigns
- Integration of artificial intelligence and machine learning technologies
- Cross-disciplinary collaboration among criminology, sociology, public health, and
cyber forensics experts
 The future of cyber forensics lies in its ability to adapt to emerging technologies while
maintaining the integrity and reliability of digital evidence. As technology continues to
evolve, the field must remain dynamic, constantly developing new methods and tools
to address emerging threats and increasingly complex digital environments.
 In conclusion, while significant progress has been made in the field of cyber forensics
and digital evidence handling, there remains considerable room for improvement,
particularly in the Indian context. The success of future law enforcement efforts will
largely depend on the ability to bridge the gap between technological capabilities and
legal frameworks, while simultaneously building capacity and expertise in the field.
Only through a coordinated approach involving legal reforms, technological
advancement, and human resource development can the full potential of cyber forensics
be realized in the pursuit of justice in an increasingly digital world.
 This comprehensive approach to strengthening cyber forensics capabilities will not only
enhance the effectiveness of criminal investigations but also contribute to the broader
goals of maintaining public safety and security in the digital age.

BIBLIOGRAPHY

BOOKS AND JOURNALS

1. Arsovska and Kostakos, 2008 J. Arsovska, P.A. Kostakos Illicit arms trafficking and
the limits of rational choice theory: the case of the Balkans Trends Organ. Crime, 11
(2008), pp. 352-378, 10.1007/s12117-008-9052-y
2. Berry, 2018 M. Berry Technology and organised crime in the smart city: an
ethnographic study of the illicit drug trade City, Territ. Archit., 5 (1) (2018), pp. 1-11,
10.1186/s40410-018-0091-7
3. Bouchard and Morselli, 2014 M. Bouchard, C. Morselli Opportunistic structures of
organized crime Oxf. Handb. Organ. Crime., 1 (2014), pp. 288-302,
10.1093/oxfordhb/9780199730445.013.015
4. Broadhurst et al., 2018 Broadhurst, R., Lord, D., Maxim, D., Woodford-Smith, H.,
Johnston, C., Chung, H.W., Sabol, B. (2018). Malware trends on ‘darknet’ crypto-markets:
Research review. Available at SSRN 3226758.
5. Broséus et al., 2016 J. Broséus, D. Rhumorbarbe, C. Mireault, V. Ouellette, F. Crispino,
D. Décary-Hétu Studying illicit drug trafficking on Darknet markets: structure and
organisation from a Canadian perspective Forensic Sci. Int., 264 (2016), pp. 7-14,
10.1016/j.forsciint.2016.02.045
6. Broséus et al., 2017 J. Broséus, M. Morelato, M. Tahtouh, C. Roux Forensic drug
intelligence and the rise of cryptomarkets. Part I: studying the Australian virtual market
Forensic Sci. Int., 279 (2017), pp. 288-301, 10.1016/j.forsciint.2017.08.026
7. Brynjolfsson and Smith, 2000 E. Brynjolfsson, M.D. Smith Frictionless commerce? A
comparison of Internet and conventional retailers Manag. Sci., 46 (4) (2000), pp. 563-
585, 10.1287/mnsc.46.4.563.12061
8. Albert J. Marcella, Jr. & Doug Menendez, CYBER FORENSICS: A FIELD MANUAL
FOR COLLECTING, EXAMINING, AND PRESERVING EVIDENCE OF
COMPUTER CRIMES 297 (2007).
9. Guilherme Augusto Souza Godoy, The Drug Trafficking Inserted in Cyber Space –
How Social Networks, Virtual Currencies, Big Data and Software Applications
Influence It – An Analysis of the United Nations Organization Member, ISSN 2183-
9522
