CDR Evidence in Court (India): How to Present Call Detail Records

Introduction: CDRs as Electronic Evidence

A Call Detail Record (CDR) is one of the most frequently relied-upon pieces of digital evidence in Indian litigation and investigation. It is a structured log produced by a telecom service provider's systems that records the metadata of communications — calling and called numbers, date and time, call duration, and the cell tower or location identifiers involved. Crucially, a CDR does not contain the content of any conversation; it is a record of who contacted whom, and when. Because a CDR is generated and stored by a computer system, Indian law treats it as electronic evidence — and that classification carries specific consequences for how it must be presented in court. This article walks through how CDRs are obtained, why they need a certificate, who certifies them, and how to preserve and hash the file you receive. It is general information, not legal advice.

How CDRs Are Obtained

A CDR is held by the telecom service provider, not by ordinary parties to a dispute. You cannot simply generate one yourself. In practice the record is produced in response to a lawful request — for example a direction or summons issued by a court, or a request made through the proper authority by an investigating agency in a criminal matter. A subscriber may sometimes be able to obtain limited records relating to their own number directly through the provider. The correct route depends heavily on the facts of the case and on current law and procedure, so the first step is always to confirm the lawful basis on which the CDR is being sought. Records obtained outside a proper channel can create more problems than they solve.

Why a CDR Needs a Certificate

Indian law generally requires that an electronic record produced from a computer system be accompanied by the statutory certificate prescribed for such records — Section 63 of the Bharatiya Sakshya Adhiniyam (BSA) 2023, which corresponds to the earlier Section 65B of the Indian Evidence Act. A CDR is precisely this kind of computer-generated record. The certificate exists to identify the system that produced the record and to attest, in the form the statute prescribes, that the record was regularly produced by a computer in proper working order. For a fuller treatment of the statutory form, see our guide to the Section 63 BSA 2023 electronic evidence certificate, and our Section 65B certificate format with an example. Attaching the certificate to a CDR is the difference between a stack of numbers and a record a court can properly receive.

Who Certifies the CDR

The statutory certificate is given by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities. For a CDR, that is typically the nodal officer or the person in charge of the telecom service provider's computer system that generated the record. That person is the one able to speak to how the CDR was produced and to sign the certificate the law requires. It is worth understanding this distinction early: the integrity tooling you run on the file is your own contribution to the evidence, but the statutory certificate for the CDR itself comes from the provider's authorised officer, not from you and not from any software. e-Dex does not issue that statutory certificate.

Preserving and Hashing the CDR File You Receive

From the moment a CDR file lands in your hands, your job is to be able to prove it has not changed since. Keep the original file exactly as received and work only from copies. The most reliable first move is to compute a cryptographic hash — a fixed-length digital fingerprint — of the original. Change a single byte of the file and the hash changes completely, so a matching hash later is strong proof that the data is untouched. e-Dex hashes the CDR file fully offline on your own Windows machine using several algorithms (such as SHA-256, SHA-512 and BLAKE3) and produces an integrity certificate that records those values, with a plain MATCH / MISMATCH verdict whenever you re-verify. Store the original in a read-only or write-once location, and re-verify against the recorded hash before you ever rely on the file in a proceeding.

Chain of Custody

Integrity hashes prove the file did not change; the chain of custody proves who held it and when. For a CDR, document the journey end to end: when and from which provider the record was received, the request or order under which it was produced, who received the file, every copy and transfer, where the original is stored, and the hash recorded at each handover. A clean custody log lets you answer the obvious cross-examination — "how do we know this is the file the provider sent?" — without hesitation. For the full picture, read our deep dive on chain of custody for digital evidence — beyond hashing. Hashing and custody work together: one anchors the bytes, the other anchors the story around them.

Common Pitfalls

The single most common mistake is tendering a raw CDR printout without the statutory certificate — a stack of paper that no one from the provider has attested to. Closely related is relying on a CDR pulled through an improper channel, which can undermine the whole exercise. Other recurring problems include editing or re-saving the original file (which silently changes its hash), failing to record a hash at the time of receipt so there is no baseline to compare against, keeping no custody log, and confusing a CDR's metadata with the content of a call. Treat the file as fragile, certify and hash it early, and never work from the only copy.

Frequently Asked Questions

What is a CDR and is it electronic evidence in India?
A Call Detail Record (CDR) is a structured log generated by a telecom service provider's systems that records the metadata of communications — calling and called numbers, date, time, duration, cell tower or location identifiers and similar fields. It does not contain the content of any call. Because a CDR is a record produced and stored by a computer system, it is treated as electronic evidence under Indian law, which means the file generally has to be accompanied by the certificate the law prescribes for electronic records. This is general information, not legal advice.

How is a CDR lawfully obtained for use in court?
A CDR is held by the telecom service provider, not by private parties. It is normally produced in response to a lawful request — for example a direction or summons from a court, or a request made through the proper authority by an investigating agency. A subscriber may also be able to obtain limited records relating to their own number through the provider. The correct route depends on the case and on current law and procedure, so confirm the lawful basis before relying on any CDR.

Does a CDR need a Section 63 BSA / 65B certificate?
Indian law generally requires that electronic records produced from a computer system be supported by the statutory certificate for electronic records — Section 63 of the Bharatiya Sakshya Adhiniyam 2023 (formerly Section 65B of the Indian Evidence Act). A CDR is exactly this kind of computer-generated record, so a raw printout on its own is usually not enough; the prescribed certificate that identifies the system and attests to the record is typically expected. How it is tendered and weighed is for the court to decide on the facts.

Who certifies a CDR for court?
The statutory certificate for a computer-generated record is given by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities — in practice the nodal officer or the person in charge of the telecom service provider's computer system that produced the CDR. e-Dex does not issue that statutory certificate; it helps you record the integrity of the file you receive so the underlying data can be shown to be unaltered.

How should I preserve a CDR file once I receive it?
Keep the original file exactly as received and work only from copies. Immediately compute cryptographic hashes (such as SHA-256) of the original so any later change is detectable, store it in a write-once or read-only location, and log every transfer in a chain-of-custody record. e-Dex can hash the CDR file fully offline on your own Windows machine and produce an integrity certificate recording the values, so you can prove the file is the same one the provider sent.

Conclusion

Presenting CDR evidence well in an Indian court is less about cleverness and more about discipline: obtain the record through a lawful channel, secure the provider's statutory certificate under BSA s.63 / 65B, and prove the file you hold is the one you were given. That last step is where a hash earns its keep. Compute and record cryptographic hashes the moment the CDR arrives, keep a clean chain of custody, and re-verify before you rely on it. You can do the integrity part in minutes, fully offline, on a single Windows machine with e-Dex — the Digital Evidence Integrity Suite. Download it free and make sure your CDR file is exactly what it should be. Remember: this article is general information and not legal advice — read the provision as it stands and take counsel where the stakes warrant it.