📝 Module 5 Assessment

Cyber Trial, Cross-Examination & Court Craft

50 Questions • 60 Minutes • 70% Passing

Questions

Minutes

70%

Passing

Parts

Part 5.1 — Framing of Charges

1Charge framing in Sessions Court:

BNSS S.173BNSS S.230IT Act S.66BSA S.63

BNSS S.230 governs charge framing in Sessions Court.

2Prima facie standard:

Beyond doubtPreponderanceGround for presumingConfession

Prima facie = "ground for presuming" — sift, don't weigh.

3UPI fraud charges:

S.66C, 66D IT + S.318, 319 BNSS.67 IT onlyBNS onlyS.66A

IT Act (identity/personation) + BNS (cheating) combination.

4Discharge application:

S.223S.230S.482S.227 BNSS

S.227 BNSS provides for discharge.

5Bazee.com defence:

JurisdictionS.79 intermediary safe harborAlibiInsanity

S.79 safe harbor — CEO not liable without knowledge.

6Valid charge includes:

Section onlyName onlyOffence, section, time, place, manner, victim, roleJudgment

All elements for accused to prepare defence.

7IT+BNS combined because:

IT lower punishment, BNS higherIT unconstitutionalBNS cyber onlyRequired

IT for cyber elements; BNS for higher punishment.

8At charge stage court:

Delivers judgmentWeighs evidenceDismissesSifts, doesn't weigh

Court sifts at charge stage — if material, proceed.

9Ransomware critical infra:

S.67 onlyS.66, 66F IT + S.308 BNSDefamationCopyright

S.66 hacking + S.66F cyber terrorism + S.308 extortion.

10Defence challenges if:

Strong evidenceWitnessesS.63 missing, hash gap, identity gapConfession

Technical deficiencies are valid discharge grounds.

Part 5.2 — Cross-Examining IOs

11Effective IO cross uses:

"Why" questionsAggressive toneFactual questions (what, when, where)Long speeches

Factual questions trap; "why" lets IO explain.

12Hash at seizure proves:

OwnerNo alteration seizure-FSLIT Act requiredJurisdiction

Hash is fingerprint — matching proves no tampering.

13S.63 certificate by:

Person in charge of computerIO alwaysProsecutorFSL

S.63 requires person in charge to sign.

14Chain break matters:

Longer trialProves guiltIgnoredCreates tampering doubt

Gap = tampering opportunity = doubt.

15Device ON — IO should:

Switch OFFCapture volatile data, RAMGive to accusedIgnore

Live system has volatile data lost on shutdown.

16Police witness problem:

Cannot readCorruptBNSS needs independent witnessesCannot sign

BNSS S.105-106 requires independent witnesses.

17IP alone proves:

Connection used, not whoAccused committedOwns computerServer location

IP identifies connection, not individual.

18Arjun Panditrao held:

S.65B optionalFile with FIRUnconstitutionalMandatory, producible at trial

SC: certificate mandatory, can produce at trial.

19Long seizure-FSL gap:

Speedy trialTampering opportunityDouble jeopardyJurisdiction

Extended custody = tampering opportunity.

20Best cross strategy:

20+ pointsLet IO explainFocus 2-3 devastating failuresAvoid technical

Surgical focus on few critical points.

Part 5.3 — Technical Witnesses

21Forensic expert challenged:

IT S.66BSA S.45 special knowledgeBNSS S.173BNS S.318

BSA S.45 requires special knowledge.

22CDR proves:

Who calledContentSIM activity, not userGPS

CDR shows SIM activity; anyone can use SIM.

23Social media IP retained:

~90 days5 yearsForever1 week

Most platforms ~90 days retention.

24Key bank question:

ProfitBranchesCEOOTP to registered or different number?

Different number = SIM swap indicator.

25Dynamic IP means:

Never changesSame IP different usersExact locationEncrypted

Dynamic IP reassigned to different users.

26Cell tower proves:

Exact GPSWho calledGeneral area (km radius)Content

Tower coverage often several km.

27Forensics standard:

ISO 27037, NIST 800-86ISO 9001IEEE 802.11RFC 2616

ISO 27037 evidence; NIST 800-86 forensics.

28Email verification proves:

Creator identityGuiltAuthenticityEmail access only

Email verification = access, not identity.

29Malware check rules out:

FasterRemote access/planted filesRBILess work

Malware check rules out remote planting.

30Bank delay relevant:

Proves innocenceIT requiredRBI mandates quick — shows negligenceNot relevant

RBI quick action — delay = negligence.

Part 5.4 — Argument Structure

31Opening should:

All evidence detailSet narrative, preview simplyCross-examineRequest judgment

Opening sets stage and previews evidence.

32Hash analogy for judge:

PasswordEmailDigital fingerprintPhone

Hash = fingerprint, unique, changes completely if altered.

33Evidence starts with:

ComplainantForensicIOAccused

Start complainant — establish crime occurred.

34Defence closing emphasizes:

Prosecution strongConfessionConvictBurden, doubt, alternatives

Defence: burden, doubt, unexplored alternatives.

35Best fraud visual:

AbstractMoney flow diagramScreenshotsText

Money flow shows account movement visually.

36IP analogy:

NameBank accountPostal address for internetMobile

IP = postal address, identifies connection.

37After evidence, prosecution:

Address and rebut defenceIgnoreRequest bailCall witnesses

Prosecution addresses defence arguments.

38Technical simplification:

Judges stupidLaw requiresWastes timeJudges not technical — aids understanding

Judges legal experts — translation aids justice.

39Defence opening:

Admit guiltPlant doubt, highlight assumptionsAll evidenceConvict

Defence opening plants doubt.

40Documents should be:

SecretRandomNumbered, indexed, readyLeft at office

Organization shows preparation.

Part 5.5 — Judgments & Literature

41Arjun Panditrao S.65B:

Mandatory, producible at trialOptionalWith FIRUnconstitutional

Mandatory but producible at trial.

42Shreya Singhal struck:

S.65BS.69AS.66A IT ActEntire IT

S.66A struck — vague, overbroad.

43ISO 27037 covers:

BankingDigital evidence handlingWiFiEmail

ISO 27037 = digital evidence handling.

44Expert opinion under:

IT S.66BNSS S.173BNS S.318BSA S.45

BSA S.45 governs expert opinion.

45Puttaswamy established:

Privacy fundamental Art.21S.66A validS.65B optionalPolice powers

9-judge: privacy fundamental under Art.21.

46NIST 800-86 for:

BankingBlockingForensic methodologyFIR

NIST 800-86 = forensic techniques.

47Private expert needs:

Law onlyCertified (EnCE, CCE)PoliceNone

Certifications establish expertise.

48Bazee.com established:

S.66A validHash requiredFIRS.79 intermediary safe harbor

S.79 safe harbor — CEO not liable without knowledge.

49Foreign judgments:

Persuasive for novel issuesBindingNo valueMandatory

Persuasive for novel cyber issues.

50RFC 3227 covers:

BankingWebsitesEvidence collection, volatile dataEncryption

RFC 3227 = evidence collection, volatile data.

Calculating...

Part 5.1

0/10

Part 5.2

0/10

Part 5.3

0/10

Part 5.4

0/10

Part 5.5

0/10

🔒 Protected