An electronic evidence checklist under the BSA should help a legal team preserve context before files are copied, converted, forwarded, or reviewed. Digital material is easy to duplicate and equally easy to separate from the account, device, system, timestamps, and collection history that explain it.

This guide offers an operational framework for lawyers and legal operations teams. It does not determine admissibility or prescribe a forensic method for every system.

What counts as electronic evidence for a practical checklist?

Think beyond documents attached to email. Potential sources include email accounts, messages, collaboration platforms, cloud drives, business applications, databases, logs, websites, audio, video, photographs, access records, mobile devices, removable media, backups, and system-generated reports.

Create a source map before collecting. Identify the custodian or system owner, device or account, provider, data type, relevant period, access route, retention behaviour, and known dependencies. A screenshot of a message may show content while omitting metadata, surrounding conversation, edits, reactions, or account information.

SourceContext often neededPreservation concern
EmailHeaders, mailbox, thread, attachmentsForwarding may alter context
MessagingParticipants, timestamps, edits, reactionsExport features and retention vary
Cloud filesVersion history, sharing, activityCurrent download may omit history
Business systemField definitions, logs, report queryExport may be a generated view
Photo or videoOriginal file, metadata, device contextMessaging can recompress files
WebsiteURL, capture time, assets, dynamic stateContent can change rapidly
DeviceUser, clock, settings, application dataHandling can modify data

The official text of the Bharatiya Sakshya Adhiniyam, 2023 should be consulted for current evidence-law analysis. Whether a particular record, copy, certificate, or method satisfies an applicable requirement depends on the facts and legal issues.

What should happen when a dispute or investigation becomes foreseeable?

Preservation begins with a scoped legal decision. Identify relevant issues, people, systems, locations, and time periods. Suspend routine deletion where required and feasible. Notify custodians clearly, document the instruction, and follow up. Coordinate with information security and system owners so preservation steps do not disrupt operations or destroy volatile context.

Use a preservation checklist:

  • A lawyer has defined the matter and preservation scope.
  • Relevant custodians, shared accounts, devices, and systems are mapped.
  • Routine deletion, rotation, or auto-expiry has been assessed.
  • Preservation notices identify what must and must not be done.
  • Departing staff and device replacement processes are covered.
  • Third-party and cloud-provider data is considered.
  • Steps, dates, owners, and exceptions are recorded.
  • Scope is reviewed as claims, defences, and facts develop.

Preserve proportionately and lawfully. Privacy, employment, confidentiality, contractual, cross-border, and sector requirements may affect collection and access.

How should electronic records be collected and documented?

Use a method appropriate to the source and the matter. Qualified forensic assistance may be necessary when deleted data, device state, application databases, disputed authenticity, or complex systems are involved. Avoid opening and resaving original files merely to inspect them.

For each collection, record who authorised it, who performed it, when, from what source, with what tool or procedure, the scope applied, output produced, and any error or exception. Preserve the original export or image as controlled source material and create review copies separately.

A collection manifest can contain:

FieldExample purpose
Collection IDStable link across transfer, review, and production
Matter and authorityExplains why the collection occurred
Custodian or systemIdentifies provenance
Source detailsAccount, device, location, or application
Date and operatorEstablishes collection history
Method and tool versionMakes the process explainable
ScopeDate range, folders, fields, or query
Integrity valueSupports later comparison where appropriate
ExceptionsRecords errors, inaccessible areas, and limitations

The Information Technology Act, 2000 is another official legislative source relevant to electronic records and related matters in India. Counsel should assess how its provisions and other applicable rules interact with the BSA in the specific case.

What metadata and integrity information should be preserved?

Preserve metadata that is relevant and available from the source, such as creation and modification values, sender and recipient fields, identifiers, paths, version information, and technical properties. Do not assume metadata is self-explanatory or always reliable. System clocks, exports, migrations, user actions, and time zones can affect it.

Cryptographic hash values can help demonstrate that two byte sequences match, but a hash does not prove authorship, truth, lawful collection, or complete context. Record the algorithm, value, object hashed, time, and operator. If a file is converted for review or filing, retain the source and explain the relationship between versions.

CERT-In publishes official directions and advisories relating to cyber incident and information-security matters. Incident response, log retention, and reporting obligations should be checked against the current directions applicable to the organisation. A litigation hold and an incident response process may overlap, but neither should silently replace the other.

How should BSA certificate questions enter the workflow?

Identify certificate and foundational-evidence questions early, not on the eve of filing. Counsel should determine the applicable provisions, the record relied upon, how it was produced, the relevant device or system, who has the necessary knowledge or position, and what procedural timing applies.

Use a lawyer-controlled decision record:

  • The exact electronic record proposed for reliance is identified.
  • Source and production method are documented.
  • The applicable BSA provision has been checked in the current official text.
  • The person competent to provide required information has been identified.
  • Technical facts are confirmed by someone who actually knows the system.
  • The certificate or supporting material matches the produced record.
  • Dates, identifiers, devices, and integrity values are internally consistent.
  • Filing and service requirements for the forum are checked.
  • Later transformations, excerpts, or compilations are explained.

Do not copy a certificate template blindly. A polished form with inaccurate technical statements can weaken rather than strengthen the evidence record.

How do you review electronic evidence without losing context?

Create defensible review copies and keep them linked to sources. De-duplicate carefully while preserving custodian information. Maintain message families and attachments. Record OCR status and do not treat failed text extraction as proof that a document contains no relevant language.

Tag issues, people, events, privilege, confidentiality, and review decisions using controlled definitions. Link important documents to a chronology entry with page, paragraph, timestamp, or message-level citations. The guide to litigation chronology software explains how source-linked event review can keep inference separate from evidence.

Gotham's practice workspace can keep matter documents and context together, while legal workflows can support collection intake, review, and approval stages. Any technology used with sensitive evidence should be assessed for access, deployment, logging, retention, and export. See the security overview for Gotham's published approach.

What checks belong before production or filing?

Confirm scope, responsiveness, privilege, confidentiality, redaction, format, completeness, and authority. Compare the production set with its manifest. Test redactions so hidden text, layers, comments, attachments, and metadata are handled as intended. Keep the controlled unredacted source separately.

Quality checkQuestion
IdentityIs this the intended record and version?
ProvenanceCan the source and collection path be explained?
CompletenessAre attachments, pages, threads, or fields missing?
TransformationAre OCR, conversion, excerpting, and redaction recorded?
Legal reviewWere relevance, privilege, and restrictions assessed?
CertificateDoes supporting material match the exact record?
PackageDo files, index, manifest, and references align?
RetentionAre source and produced sets preserved appropriately?

The current rules and portal instructions of the relevant court remain authoritative for filing mechanics. Retain the exact submitted package, receipt, defect communications, and any corrected version.

How should teams respond when authenticity is challenged?

Return to sources and records, not confidence scores. Identify precisely what is disputed: authorship, integrity, completeness, time, system generation, collection method, or interpretation. Preserve devices, accounts, logs, exports, and witnesses that can speak to the disputed point, subject to lawful process.

Build a neutral provenance timeline showing creation or receipt, storage, collection, transfer, processing, review, and production. Mark missing links honestly. A later reconstruction should never be presented as a contemporaneous log.

How can an organisation stay ready before a dispute occurs?

Maintain a current systems map, named legal and technical contacts, tested preservation procedures, and clear escalation from security incidents to legal review. Train people not to investigate by forwarding, editing, or mass-downloading material without authority. Test exports from important systems before a crisis exposes an inaccessible format or unexpectedly short retention period.

Readiness is not indiscriminate retention. It is knowing where relevant records live, how they change, who controls them, and how to preserve them lawfully when needed. For a discussion about traceable litigation evidence workflows, contact Gotham or review pricing.