Blog Details

Introduction

Phones are now the busiest source of evidence in Indian investigations. A single handset can hold WhatsApp chats, call logs, photographs, location history and app data, and any one of those may decide a matter. But pulling data off a phone is only half the job. To put it before a court you also need to show where it came from and that it has not changed since collection. That is the role of a mobile evidence certificate — a documented, integrity-backed record of the device, the extraction and the exhibits. This article explains what that certificate covers in India and how e-Dex (formerly Hash Calculator) helps you produce one.

e-Dex Certifies the Extraction — It Does Not Perform It

This is the most important point to be clear about up front. e-Dex does not extract data from a phone. It never connects to the handset, never bypasses a lock and never pulls a chat database. The examiner performs the extraction using their own tools — a forensic suite such as Cellebrite UFED or Magnet, a logical pull over ADB, or even a manual WhatsApp export from the chat menu. Once those output files exist on disk, e-Dex steps in: it hashes each file and records the surrounding facts in a certificate. In other words, your forensic tool acquires the evidence; e-Dex documents and certifies it.

Why a Phone Needs a Certificate Under Section 63 BSA

WhatsApp chats, call logs and photos lifted from a phone are electronic records. Like any electronic record, they are not automatically admissible just because they exist on a screen. Under Section 63 of the Bharatiya Sakshya Adhiniyam, 2023 — the successor to Section 65B of the Indian Evidence Act — electronic evidence generally has to be accompanied by a certificate. For a phone, that certificate must answer the practical questions a court will ask: which device, how the data was taken off it, and whether the copy in front of the court is identical to what was collected.

What the Mobile Extraction Certificate Records

A good mobile certificate is specific about the device and the method. With e-Dex you capture, in one place:

Device identifiers — the IMEI (or both IMEIs for a dual-SIM handset), make and model, and serial number, so the exhibit is tied to a particular physical phone rather than a vague “mobile.”
Extraction tool — the software actually used, for example Cellebrite UFED, Magnet AXIOM, ADB or a manual WhatsApp export, along with its version where relevant.
Extraction type — whether the acquisition was logical, physical or a targeted WhatsApp export, since each tells the court something different about scope and completeness.
Account or number — the phone number, WhatsApp account or app identity the data belongs to.
Exhibit hashes — a cryptographic fingerprint for every output file, recorded against the exhibit so integrity can be re-checked at any time.

Where Hashing Fits In

The certificate is only as strong as the proof that the extracted files have not been altered. That proof is a cryptographic hash — a fixed-length digital fingerprint (MD5, SHA-256, SHA-512, BLAKE3 and others) computed over each file. Recompute the hash later and, if it matches, the file is bit-for-bit identical to what was extracted; if a single byte changed, the hash changes completely. e-Dex records these values against every exhibit with an explicit MATCH / MISMATCH statement, so a court or opposing party can verify the WhatsApp database, the call-log export or the image folder without taking anything on trust. Hashing is also the backbone of a defensible chain of custody for digital evidence.

Signing and Time-Stamping the Certificate

Two things make the certificate genuinely defensible: who signed it and when. e-Dex can apply a PAdES digital signature using a Digital Signature Certificate (DSC) on a USB token, binding the examiner's identity to the document so any later edit is detectable. It can also attach an RFC-3161 trusted timestamp, sealing the exact time the certificate was produced against a Time-Stamping Authority — independent proof that the document existed in that form at that moment. Both run from your own machine; only the timestamp step touches the internet.

A Practical Workflow

In practice the steps are simple. First, the examiner extracts the data with their chosen tool and saves the output — the WhatsApp export, the call-log CSV, the UFED package or the image folder. Then, in e-Dex, create a case and add those files so the tool hashes them; enter the device identifiers, extraction tool, extraction type and account or number; generate the mobile evidence certificate; and, where required, sign it with a DSC and apply a trusted timestamp. The output is a single, court-ready PDF backed by a tamper-evident record — and because there is no licensing or registration involved, it is purely a matter of documenting what you already collected.

How It Relates to a Forensic Examination Certificate

A mobile extraction certificate is narrow and device-focused: it pins down the handset and the acquisition. A broader forensic examination certificate documents the analysis performed on the collected data. The two are complementary, and in many matters they are produced together — one to establish how the phone data was obtained, the other to record what examination of that data revealed.

A Note on Legal Advice

e-Dex helps you produce a well-structured, integrity-backed certificate; it is a tool, not a substitute for legal counsel. The precise wording, who must depose, how the phone was lawfully seized, and how the certificate is tendered depend on the facts of your matter and the current text of the statute and the Schedule. Always read the provision as it stands and take advice where the stakes warrant it. e-Dex does not guarantee that any record will be admitted — that is for the court to decide.

Frequently Asked Questions

Is a WhatsApp chat admissible as evidence in India?
WhatsApp chats, call logs and photos taken from a phone are electronic records, so under Section 63 of the Bharatiya Sakshya Adhiniyam 2023 (the successor to Section 65B of the Indian Evidence Act) they generally need to be accompanied by a certificate. e-Dex helps you produce a well-structured certificate that records the device, the extraction and the integrity hashes, but admissibility is ultimately decided by the court on the facts of the matter.

Does e-Dex extract data from the phone?
No. e-Dex does not connect to or extract data from a phone. The examiner performs the extraction with their own tool, such as Cellebrite UFED, Magnet, ADB or a manual WhatsApp export. e-Dex then hashes the resulting files and documents the device, tool and extraction details in a certificate.

What is the difference between a mobile extraction certificate and a forensic examination certificate?
A mobile extraction certificate focuses on a phone or tablet: it records device identifiers like IMEI, make, model and serial, the extraction tool and type, the account or number, and the exhibit hashes. A forensic examination certificate is broader and documents the analysis performed on collected data. The two are complementary and often filed together.

Does e-Dex need an internet connection?
No. e-Dex runs fully offline on your own Windows machine, so the extracted files never leave your control. An internet connection is only needed if you choose to apply an RFC-3161 trusted timestamp from a Time-Stamping Authority.

Does a mobile evidence certificate need a new licence or registration?
No. A mobile extraction certificate is pure documentation. It does not require any new licensing. e-Dex simply records the device, extraction and hash details and lets you sign the certificate with a Digital Signature Certificate and apply a trusted timestamp.

Conclusion

A phone full of WhatsApp messages, call logs and photos is only useful in court if you can show exactly which device it came from and prove the files have not changed. That is precisely the gap a mobile evidence certificate fills — and it is documentation, not extraction. Let your forensic tool acquire the data, then let e-Dex — the Digital Evidence Integrity Suite hash the exhibits, capture the device details and produce a signed, timestamped Section 63 certificate on your own Windows machine.