Producing Electronic Evidence: A 7-Step Pre-Filing Checklist for India

Introduction

Most disputes over digital files are not lost on the merits — they are lost on the basics. A WhatsApp screenshot is printed and re-scanned, a hash is never recorded, the wrong person signs the certificate, and a perfectly genuine file becomes easy to challenge. This article gives you a practical electronic evidence checklist for India: seven steps to prepare a digital file correctly before you file it in court, so the integrity story is clean and defensible. It is written for auditors, investigators, lawyers, compliance teams and anyone who collects digital files that may later be produced. None of this is legal advice — it is general information to help you organise the technical groundwork; always confirm the current text of the law and take advice where the stakes warrant it.

Why a Pre-Filing Checklist Matters

Under the Bharatiya Sakshya Adhiniyam, 2023 (BSA) — which replaced the Indian Evidence Act, with Section 63 of the BSA standing in the place of the old Section 65B — an electronic record is generally produced together with a prescribed certificate. But the certificate is only as strong as the handling behind it. If the original was altered, if no hash was ever recorded, or if custody is undocumented, the certificate sits on sand. A short checklist run at the moment of collection, not on the eve of filing, is the cheapest insurance you can buy. For the wider context, see our guide to electronic evidence certificates in India.

Step 1 — Preserve the Original File (Don't Print-and-Rescan)

The single most common mistake is destroying the native original. Printing a chat, an email or a photo and then scanning it back creates a brand-new file with none of the original metadata and a completely different set of bytes — which means the integrity hash no longer means anything. Keep the file exactly as collected: do not edit it, re-save it, rename inside the data, convert its format or open it in an application that silently rewrites it. Work on copies. The native original is the evidence; any printout is a convenience copy only.

Step 2 — Record Device and Source Details

Integrity is only half the picture; the file also needs a provenance. At collection, write down where the file came from — the device (make, model, identifier), the application or account it was taken from, the storage location and path, the operating system, and the exact date and time of collection. These details feed straight into the BSA certificate later and let anyone reconstruct how the record came to exist. Capturing them once, on the spot, is far easier than reconstructing them from memory weeks later.

Step 3 — Compute and Record the Integrity Hash at Collection

A cryptographic hash such as SHA-256 is a fixed-length fingerprint of the file's exact contents; change one byte and the fingerprint changes entirely. Compute the hash the moment you collect the file — before it is moved, opened in an editor or processed — and record it alongside the source details. That recorded value is your baseline: months later, anyone can re-hash the file and a matching value proves it is unaltered. e-Dex computes several algorithms per file fully offline, so the recorded hash never depends on an internet service.

Step 4 — Maintain Chain of Custody

Chain of custody is the documented answer to "who touched this file, when, and what did they do?" From collection to filing, log every transfer and every action: who collected it, who copied it, where it was stored, who analysed it. An unbroken custody trail closes off the argument that the file could have been swapped or tampered with along the way. The hash and the custody log work together — the hash proves the bytes did not change, the log proves nobody had an unaccountable opportunity to change them.

Step 5 — Obtain the BSA s.63 / 65B Certificate From the Right Signatory

The prescribed certificate must be completed by a person who held a responsible position in relation to the operation of the relevant device or the management of the relevant activity — someone who can actually speak to how the electronic record was produced. A technically perfect certificate signed by the wrong person is a weak certificate. Choose the signatory deliberately, and make sure the certificate's content lines up with the device and source details you recorded in Step 2. Our walkthroughs of the Section 63 BSA 2023 certificate and the common mistakes that get a 65B certificate rejected cover this in detail.

Step 6 — Sign and Timestamp

Once the certificate is prepared, make it tamper-evident. A digital signature applied with a Digital Signature Certificate (DSC) binds the signer's identity to the document so any later edit is detectable, and an RFC-3161 trusted timestamp from an independent Time-Stamping Authority fixes the exact moment the certificate was issued. Together they answer two future questions at once: has this document changed since it was signed, and when was it really produced? e-Dex can apply both, with only the timestamp step needing the internet.

Step 7 — Keep It Independently Verifiable

The final step is the one people forget: make the proof checkable by someone who does not trust you. Keep the recorded hash with the file, and use an independent verifier so the other side, or the court, can recompute the hash and confirm it matches — without relying on your assertion. e-Dex produces a seal you can re-check at the public verifier at /verify-certificate.html. Verifiability is what turns a claim of integrity into a demonstrable fact.

Common Pitfalls to Avoid

A handful of mistakes account for most avoidable challenges. Print-and-rescan destroys the original and its metadata. Hashing too late — after the file has been moved or edited — records a fingerprint of an already-changed file. Gaps in custody leave room to argue tampering. The wrong signatory weakens an otherwise correct certificate. No independent verification means everyone has to take your word. And finally, leaving all of this to the last minute: the checklist works because it is run at collection, when the original is still pristine, not on the day of filing.

Frequently Asked Questions

What is an electronic evidence checklist and why do I need one in India?
An electronic evidence checklist is a short, practical list of steps you follow before filing digital files in an Indian court so the integrity story holds up. It covers preserving the original, recording device and source details, computing an integrity hash at collection, maintaining chain of custody, obtaining the BSA Section 63 / Section 65B certificate, signing and timestamping, and keeping everything independently verifiable. Working through it reduces avoidable technical objections. This is general information, not legal advice.

Why should I never print and re-scan an electronic file as evidence?
Printing and re-scanning destroys the native original. It strips out the metadata and the exact bytes that an integrity hash is computed over, so you can no longer prove the file is unaltered. Always preserve and produce the native original file, and keep any printout only as a convenience copy, never as the evidence itself.

When should the integrity hash be computed?
Compute the cryptographic hash, such as SHA-256, at the moment of collection, before the file is moved, opened in an editor or processed in any way. Recording the hash early fixes a baseline, so if the file is altered or corrupted later, a re-computed hash will no longer match and the change becomes detectable.

Who should sign the BSA Section 63 / Section 65B certificate?
The certificate should be completed by a person who held a responsible position in relation to the operation of the relevant device or the management of the relevant activity, and who can speak to how the electronic record was produced. Choosing the right signatory matters as much as the technical content. This is general information, not legal advice, so confirm the correct signatory for your matter.

How do I keep electronic evidence independently verifiable?
Record the integrity hash at collection and keep it with the file, then use an independent verifier so anyone can recompute the hash and confirm it matches without relying on your assertion. e-Dex can generate the certificate offline and produce a seal that you, or the other side, can re-check using the public verifier at /verify-certificate.html.

Conclusion

Good electronic evidence is made at collection, not rescued at filing. Run this seven-step checklist — preserve the original, record the source, hash early, keep custody, get the right certificate, sign and timestamp, and keep it verifiable — and you remove most of the technical objections before they are ever raised. Remember this is general information, not legal advice. You can handle the technical steps offline, on a single Windows machine, with e-Dex — the Digital Evidence Integrity Suite. Download it free and build the integrity record your evidence deserves.