In the ever-expanding digital world, the nature of crimes has evolved from physical to virtual realms. Cybercrimes like hacking, data theft, and digital fraud have emerged as potent threats to individuals, businesses, and national security. In response, the Indian legal system has developed specific provisions under the Information Technology Act, 2000, to address these offences. One such provision is Section 66B, which penalizes dishonestly receiving stolen computer resources or communication devices. While the offence may occur in the virtual world, its investigation and prosecution heavily rely on digital footprints—the trails of data left behind by users—and cyber forensics—the science of tracing and interpreting such trails.
Section 66B of the IT Act
The section reads: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one lakh rupees or with both. It penalises:
- Receiving or retaining computer resources or communication devices (e.g., stolen laptops, hacked data, leaked passwords),
- With dishonest intent, and
- Knowledge or reasonable belief that such resources are stolen.
This is similar in spirit to Section 411 of the Indian Penal Code (receiving stolen property), but is tailored for digital assets.
Digital Footprints and its in Section 66B Cases
Digital footprints are the traces of information users leave behind when they interact with digital platforms. These can be:
- Active footprints: Information intentionally shared (e.g., posts, messages, login data),
- Passive footprints: Information collected without the user’s direct input (e.g., IP addresses, browser history, cookies, metadata).
In cybercrime investigations, these footprints become essential to: Track the user’s activity, Prove their involvement, and Link them to a specific device. In a Section 66B prosecution, the key challenge is proving that the accused received or retained stolen digital property knowingly and dishonestly. Here’s how digital footprints help in proving that:
1. IP Address Tracking
When stolen data (such as a hacked email archive or confidential files) is accessed or downloaded, the server logs record the IP address of the accessing device. If the accused’s IP is linked to the act, it strengthens the prosecution’s case.
2. Login Credentials and Activity Logs
If a person uses stolen credentials (e.g., hacked Netflix accounts, banking portals), the server log files can reveal unauthorized logins from new locations or devices—creating a timeline of illegal access.
3. Device Forensics
Digital devices such as mobile phones, laptops, or tablets leave behind evidence in the form of:
- Downloaded files,
- Browser history,
- Deleted content that can be recovered,
- USB logs showing transfer of stolen files,
- Chat logs or emails discussing the stolen data.
This evidence can directly tie the accused to the possession of stolen digital assets.
4. File Metadata
Even if stolen documents are renamed or relocated, their metadata (like date of creation, last modified date, author, etc.) can indicate when and by whom the file was accessed or altered.
5. Network Logs
If data was transferred using cloud services (e.g., Google Drive, Dropbox), forensic experts can analyze access logs, sharing permissions, and timestamps to trace the source and recipient of the stolen data.
The Role of Cyber Forensics in Section 66B Investigations
It involves the scientific identification, preservation, extraction, analysis, and presentation of digital evidence in a legally admissible manner. In such cases, forensic experts begin by creating forensic images of the accused’s devices—such as computers, mobile phones, or external drives—to preserve the original data without alteration. This ensures the integrity and admissibility of the evidence in court.
Once imaging is complete, the devices undergo a detailed technical examination to uncover traces of stolen data. Experts look for files, folders, or software that may have been acquired unlawfully. Even deleted or hidden files can be recovered using specialized forensic tools, revealing the presence of stolen information the accused may have attempted to erase. Email accounts, chat applications, and messaging platforms are also analyzed to trace conversations or file transfers relating to the stolen digital resources. In some cases, investigators uncover encrypted or disguised content that can further support the allegation of knowing possession.
A crucial aspect of cyber forensic work is linking the digital activity to the individual. This is achieved through an analysis of MAC addresses, device IDs, user account logs, IP addresses, and login credentials, all of which can establish that a particular user was responsible for accessing or storing the stolen data. After completing the investigation, forensic experts compile their findings into a detailed forensic report, formatted to meet the requirements of Indian courts and evidentiary rules under the Indian Evidence Act, especially Section 65B.
Evidentiary Value in Court
Indian courts have recognized the value of digital evidence under the Indian Evidence Act, 1872, particularly through:
- Section 65B: Admissibility of electronic records,
- Section 45A: Opinion of the examiner of electronic evidence.
For Section 66B cases, the evidence must be:
- Authenticated,
- Obtained through lawful means (e.g., seizure under a proper warrant),
- Certified under Section 65B.
Failure to follow proper forensic protocols can render the evidence inadmissible, weakening the prosecution’s case.
Conclusion
Section 66B of the IT Act plays a vital role in penalizing the receipt and retention of stolen digital resources. However, unlike physical crimes, proving digital offences requires reliance on digital footprints and robust cyber forensic support. These footprints, if properly captured, preserved, and analyzed, serve as crucial links in establishing the guilt of the accused. As cybercrime grows more sophisticated, so must our investigative tools and legal frameworks. Strengthening digital forensic capabilities and ensuring strict adherence to evidentiary standards is essential for the effective enforcement of Section 66B and safeguarding the digital domain.
By Bhavika Samtani (Intern)