Image Source: Getty
In an increasingly digitised society, the nature of crime has undergone a fundamental transformation—manifesting not only in cyberspace but often originating from it. According to the National Crime Records Bureau (NCRB), India—home to one of the world’s largest digital populations—recorded 65,893 cybercrime cases in 2022 alone, marking a sharp 24.4 percent surge over the previous year. These crimes include online financial fraud, identity theft, ransomware attacks, and the dissemination of child sexual abuse material (CSAM). The systemic rise in both frequency and sophistication of such offences has created an urgent need for a resilient national cyber forensic infrastructure capable of supporting law enforcement agencies with timely, verifiable, and legally admissible digital evidence.
According to the National Crime Records Bureau (NCRB), India—home to one of the world’s largest digital populations—recorded 65,893 cybercrime cases in 2022 alone, marking a sharp 24.4 percent surge over the previous year.
Since 2020, India has taken important steps to improve its cyber forensics system. This includes setting up modern labs, introducing clear legal procedures, and training more experts. Together, these efforts are helping build a stronger and more prepared system for investigating cybercrimes.
Strengthening the Backbone: National Infrastructure and Laboratory Networks
At the core of India’s cyber forensic strategy is the Indian Cyber Crime Coordination Centre (I4C)—operational since January 2020 under the Ministry of Home Affairs (MHA). I4C serves as the national nodal agency for cybercrime prevention and response. A cornerstone initiative under I4C is the National Cyber Forensic Laboratory (NCFL), bifurcated into two core divisions:
- NCFL (Investigation), New Delhi: Since its inception, this unit has supported over 11,800 cases, providing real-time assistance to law enforcement personnel during preliminary forensic examinations.
- NCFL (Evidence), Hyderabad: Established in 2022, this lab offers high-end digital forensic services. According to the MHA, forensic turnaround times have been reduced by nearly 50% with advanced imaging, malware analysis, and decryption tools.
Concurrently, modernising Central Forensic Science Laboratories (CFSLs) has brought mobile forensics, cryptocurrency tracking, and secure cloud data analysis capabilities. These labs are now linked via a national e-Forensics IT platform—which integrates over 117 state and central forensic labs—enabling encrypted data transfer, real-time collaboration, and minimising evidentiary delays.
Bridging the Federal Gap: Empowering States and Districts
While national institutions are crucial, cybercrime has a profoundly local impact. To address this issue effectively, the central government has helped states build their capabilities through the Cyber Crime Prevention against Women and Children (CCPWC) scheme. Since 2020, this programme has funded the establishment of cyber forensic and training labs across 33 States and Union Territories.
Moreover, over 550 mobile forensic vans operate in districts across India, equipped to conduct on-site data extraction, device cloning, and digital triage. These mobile units address the latency often associated with evidence transfer to labs, especially in rural or remote areas.
To address this issue effectively, the central government has helped states build their capabilities through the Cyber Crime Prevention against Women and Children (CCPWC) scheme.
Under the Nirbhaya Fund and the MHA’s modernisation schemes, states have received assistance to procure high-end tools, recruit digital forensic examiners, and undertake specialised training. However, disparities persist in lab equipment standards, software licensing, and skilled personnel, highlighting the need for cross-jurisdictional benchmarking and support.
Human Capital as Critical Infrastructure
The establishment of the National Forensic Sciences University (NFSU) in 2020 represented a pivotal shift in India’s forensic education landscape—a move experts view as key to bridging the gap between forensic science and the justice delivery system. Headquartered in Gandhinagar, Gujarat, and operating multiple regional campuses, NFSU was originally established in 2009 and later upgraded to a national institution. It offers courses in digital forensics, cyber investigation, and research programmes on emerging threats such as blockchain-based crimes and deepfakes. These programmes are for law enforcement, prosecutors, and judicial officers.
As of 2025, over 24,600 officials—including police personnel, cyber response teams, and judicial functionaries—have been trained under the CCPWC and associated schemes. This institutional approach marks a departure from earlier ad hoc training models, ensuring continuity and quality in forensic practice across jurisdictions.
Institutionalising Forensic Protocols and Legal Admissibility
Uniformity in forensic processes is essential for evidence to stand judicial scrutiny. In response, the Directorate of Forensic Science Services (DFSS) has issued standard operating procedures (SOPs) aligning with International Organization for Standardization (ISO)/ the International Electrotechnical Commission (IEC) 17025—the international benchmark for testing and calibration laboratories. These include calibrated equipment lists, data integrity protocols, and guidelines for preservation.
In 2020, the Supreme Court clarified how digital evidence should be handled in the case of Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, stating that digital records must be properly certified under Section 65B of the Indian Evidence Act. This legal precedent—supported by DFSS protocols—provides critical clarity to trial courts often grappling with complex technical submissions.
Legal and Regulatory Frameworks: Building the Compliance Ecosystem
In April 2022, CERT-In issued new rules under Section 70B of the IT Act. These rules require service providers to keep important user activity records for 180 days and ask Virtual Private Network (VPN) and cloud service providers to store subscriber details for five years. These mandates—albeit debated for privacy implications—have improved evidence traceability in cases involving anonymised digital actors.
The recently launched Sahyog portal streamlines legal coordination among law enforcement, service providers, and digital platforms, reducing bureaucratic lag in urgent cyber investigations.
Additionally, the MHA designated I4C in 2024 as a notified agency under Section 79(3)(b) of the IT Act, allowing it to issue content takedown and data preservation notices. The recently launched Sahyog portal streamlines legal coordination among law enforcement, service providers, and digital platforms, reducing bureaucratic lag in urgent cyber investigations.
Technology Platforms Driving Scale and Coordination
Technology has been at the forefront of India’s response to cybercrime. Platforms such as:
These tools mark a shift from reactive investigation to proactive, data-linked policing, significantly expanding the national cybercrime response architecture.
While India has made substantial strides in enhancing its cyber forensic infrastructure, the journey has not been without its challenges. Several ground realities continue to hinder the full potential of this growing digital investigative capacity. Some of them are:
- Disparities in Resources and Infrastructure
Despite national-level investments and state support under schemes such as the CCPWC and the Nirbhaya Fund, a 2024 review of forensic practices in India notes uneven development across states. Some regions lack basic equipment or access to updated forensic tools and software, especially in district-level or rural facilities. There are also reports of delays in report generation, case backlogs, and limited technical staffing, which affect the timely use of digital evidence during investigations.
- Shortage of Skilled Manpower
The growth in cybercrime has outpaced the availability of qualified forensic professionals. According to the Journal of Cyber Security and Digital Forensics (2024), many labs face acute shortages of trained examiners, with high attrition due to better compensation in the private sector. Although the NFSU has expanded postgraduate and training programmes, the ecosystem lacks the critical mass of professionals needed for round-the-clock, high-quality investigations.
- Legal and Procedural Complexities
Even when digital evidence is successfully collected and preserved, it must meet stringent legal criteria for admissibility. The requirement of Section 65B certification under the Indian Evidence Act often leads to technical objections in court, resulting in acquittals or protracted trials. While the Supreme Court’s 2020 clarification helped standardise evidence handling, many district courts and investigating officers continue to face challenges in procedural compliance.
The requirement of Section 65B certification under the Indian Evidence Act often leads to technical objections in court, resulting in acquittals or protracted trials.
- Impact on Conviction Rates
A telling indicator of how increased capacity is translating into real-world outcomes is the conviction rate. According to the NCRB’s 2022 report, cybercrime cases across India surged, with Bengaluru recording the highest number of incidents (9,940 cases), followed by Mumbai (4,724), and Hyderabad (4,436). However, this spike has not been matched by enforcement outcomes—only 22.6 percent, 16.6 percent, and 25.4 percent of these cases, respectively, have resulted in a chargesheet.
- Data Access and Cross-Border Challenges
In many cases involving anonymised actors or offshore servers, Indian investigators face difficulties accessing encrypted or cross-border data. Although the CERT-In directions under Section 70B of the IT Act have improved data retention by service providers and enhanced traceability, mutual legal assistance treaties (MLATs) and content takedown requests often involve long bureaucratic delays.
Conclusion
India’s cyber forensic landscape has undergone a notable transformation since 2020. The convergence of standardised protocols, skilled human resources, secure digital infrastructure, and inter-agency coordination is gradually creating a national ecosystem for cyber investigations. However, foundational challenges remain in standardising lab capabilities across states, accessing encrypted or cross-border data, and ensuring judicial familiarity with technical evidence.
The convergence of standardised protocols, skilled human resources, secure digital infrastructure, and inter-agency coordination is gradually creating a national ecosystem for cyber investigations.
Nonetheless, the strategic direction is clear. The government’s multipronged push—rooted in legal, institutional, and technical capacity building—is not merely a response to rising cybercrime but an investment in national security and digital sovereignty. With sustained political will, adequate funding, and rigorous oversight, India can transition from fragmented readiness to a robust and harmonised cyber forensic regime.
Khushhal Kaushik is the Founder and CEO of Lisianthus Tech and one of India’s foremost cybersecurity experts.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Click Here For The Original Source.
