📱 Part 4.3

Evidence Preservation & Notices

"Evidence lost is a case lost — preserve before it disappears"

Electronic evidence is inherently volatile. Server logs get overwritten, messages deleted, accounts suspended. Proactive evidence preservation can make or break your case.

3.1

Why Evidence Preservation Matters

⏰ The Ticking Clock

Electronic evidence has limited lifespan. Unlike physical evidence preserved for years, digital evidence faces automatic deletion:

• Server logs: Often retained only 30-90 days

• CDR records: Telecom companies retain ~2 years

• Social media posts: Can be deleted anytime

• CCTV footage: Auto-overwrites every 30-60 days

⚠️ What Gets Lost Without Preservation

IP Address Logs: Critical for identifying anonymous accused — deleted after short periods

Account Activity: Login times, session data — purged after account deletion

Transaction Chains: Money trail through multiple accounts — retrieval becomes complex

Communication Records: Messages, calls — deleted by parties or auto-deleted

💡 Proactive vs Reactive Approach

Reactive (Bad): File FIR → Wait for police notices → Evidence already deleted

Proactive (Good): Send preservation notices immediately → File FIR with copies → Evidence preserved

As a lawyer, you can send preservation notices even before FIR is filed.

3.2

Section 91 BNSS — Summons for Documents

📖BNSS Section 91

Summons to Produce Document or Electronic Record

"Whenever any Court or officer in charge of a police station considers that production of any document or thing is necessary... such Court may issue a summons... or such officer may issue a written order to the person in whose possession such document is believed to be..."

📋 Who Can Issue S.91 Notice?

Court: Any court during inquiry/trial can summon documents

Police Officer (SHO+): During investigation, can issue written order

Not Complainant: Private persons cannot issue S.91 — but can request police/court

Document Type	Request From	Data Available
CDR/SDR	Telecom Nodal Officer	Call records, SMS, cell tower, IMEI
Bank Records	Branch Manager + Nodal Officer	Statements, KYC, IP logs
Social Media	Platform LEA Portal	Account info, IP logs, content
Email	Provider Compliance Team	Headers, login history
UPI Records	NPCI + Bank	Transaction flow, beneficiary

3.3

Data Retention Periods

📞

Telecom CDR

2 Years

TRAI mandate

🏦

Bank Records

10 Years

RBI mandate

📧

Email Providers

90-180 Days

IP logs vary

🌐

ISP Logs

1 Year

IT Rules

💬

Social Media

90 Days

IP logs typical

📹

CCTV

30-60 Days

Auto-overwrite

⚠️ Critical Timelines

Golden Hour (Financial Fraud): First 24-48 hours — call 1930, freeze accounts

First Week: Send preservation notices to all platforms

90 Days: IP logs from social media likely gone

2 Years: Telecom CDR limit — apply before expiry

3.4

Model Preservation Notices

MODEL — DATA PRESERVATION NOTICE

To: The Grievance Officer / Law Enforcement Response Team
[Platform Name], [Address]

Subject: Legal Notice for Preservation of Electronic Evidence

Ref: FIR No. [Number] dated [Date] at PS [Name]

Under instructions from my client, complainant in the above FIR, I call upon you to preserve:

• Account: [URL/Username/ID]
• All registration details, IP logs, login sessions
• All posts, messages, content (including deleted)
• Metadata, timestamps, device identifiers
• Period: [Start Date] to present

This notice is issued under IT Act, 2000. Failure to preserve may constitute spoliation of evidence under S.201 BNS.

Acknowledge within 7 days.
[Advocate Name, Enrollment, Date]

💡 Platform-Specific Portals

Meta: facebook.com/records — Law Enforcement Response Team

Google: support.google.com/legal — Law Enforcement Request System

X (Twitter): Legal Request Submissions via Help Center

Banks: Nodal Officer + Branch Manager + RBI Ombudsman

Telecom: Nodal Officer (TRAI maintains list)

3.5

Self-Preservation Techniques

📸 Capturing Evidence Yourself

Screenshots: Full page with URL visible, browser showing date/time

Screen Recording: Video scrolling through content with system clock

Web Archive: Submit URL to web.archive.org (Wayback Machine)

Hash Value: Calculate SHA-256 immediately after capture

Witness: Have someone witness capture and sign declaration

✅ Best Practices

☑️ Include URL, timestamp, surrounding context in screenshots

☑️ Don't crop or edit — full screen captures only

☑️ Multiple formats — image + PDF + video

☑️ Calculate and record hash immediately

☑️ Multiple storage locations — cloud + physical + email

☑️ Prepare S.63 certificate for admissibility

⚠️ Legal Validity

Self-captured evidence is secondary evidence requiring S.63 BSA certificate from the person who captured it. Ensure chain of custody documentation from capture to court.

🎯 Key Takeaways — Part 4.3

Electronic evidence has limited lifespan — proactive preservation critical
S.91 BNSS allows police/court to summon documents from intermediaries
Key retention: Telecom 2 years, Bank 10 years, Social media IP ~90 days
Golden hour: First 24-48 hours for financial fraud fund freeze
Send preservation notices immediately, even before FIR
Use platform-specific LEA portals for requests
Self-capture: screenshots with URL, timestamp, hash value
Self-captured evidence needs S.63 certificate
Web.archive.org provides independent third-party preservation
CCTV overwrites in 30-60 days — send notice immediately