Introduction
Search and seizure operations are critical components of cyber crime investigation. Proper procedures ensure that evidence is legally obtained and admissible in court. This part covers the legal framework, practical procedures, and documentation requirements for search and seizure operations.
By the end of this part, you will understand warrant procedures, conduct lawful searches, properly seize electronic evidence, prepare panchnama, and create seizure memos that withstand legal scrutiny.
Warrant Procedures (Warrant Prakriya)
Search warrants provide legal authority to enter premises and seize evidence. Understanding when and how to obtain warrants is essential for lawful investigation.
Types of Search Warrants
General Search Warrant
Issued under BNSS Section 94 by Magistrate for searching premises suspected to contain evidence of crime.
Special Search Warrant
For specific items or documents. More targeted and often required for sensitive searches.
Emergency Powers
Under Section 79 IT Act, authorized officers can search without warrant in urgent situations.
Computer System Search
Under Section 80 IT Act, police can enter public premises to search computer systems.
Warrant Application Process
- Draft Application: Prepare detailed application mentioning FIR details, reason for search, specific premises address, items to be searched, and grounds for belief.
- Submit to Magistrate: Present application to the jurisdictional Magistrate with supporting documents and case diary extracts.
- Magistrate Examination: Magistrate may examine IO on oath, verify grounds, and assess necessity of search warrant.
- Warrant Issuance: If satisfied, Magistrate issues warrant specifying premises, time validity (usually 7-30 days), and scope of search.
- Execute Warrant: Conduct search within validity period, in presence of witnesses, with proper documentation.
Warrantless Search - When Permitted
| Situation | Legal Provision | Conditions |
|---|---|---|
| Consent Search | General Law | Voluntary, informed consent of owner |
| Exigent Circumstances | BNSS Section 92 | Evidence may be destroyed, life at risk |
| Public Place | Section 80 IT Act | Computer systems in public premises |
| Arrest Related | BNSS Section 48 | Search of person and immediate vicinity |
| IT Act Powers | Section 79 IT Act | Authorized officer, reasonable grounds |
Illegally obtained evidence may be excluded by the court under the exclusionary rule. When in doubt, always err on the side of obtaining a warrant. If a warrantless search is conducted under emergency provisions, document the reasons.
Search Process (Talaashi Prakriya)
Conducting a lawful and effective search requires careful planning, proper execution, and meticulous documentation.
Pre-Search Preparation
- Review Warrant: Verify validity, scope, and premises address
- Team Assembly: Include technical expert, photographer, videographer, female officer (if women present)
- Equipment Check: Forensic kits, evidence bags, write blockers, cameras, forms
- Identify Witnesses: Arrange for two respectable independent witnesses (panchas)
- Brief Team: Explain objectives, roles, evidence handling protocols
- Communication Plan: Establish communication protocols, backup procedures
During Search - Step by Step
- Arrival and Announcement: Identify yourself as police, show warrant to occupant, explain purpose. Allow occupant to read warrant.
- Secure Premises: Secure entry/exit points, ensure no evidence destruction, control all persons present.
- Document Initial State: Photograph/video entire premises before touching anything. Note time, date, persons present.
- Systematic Search: Search methodically room by room. Do not rush. Look for hidden storage, false compartments.
- Evidence Identification: Mark potential evidence, photograph in situ before moving. Use numbered markers.
- Evidence Collection: Use proper handling procedures, anti-static measures for electronics. Package appropriately.
- Documentation: Record each item seized with description, location found, serial numbers, condition.
- Witness Attestation: Have panchas sign at each stage, ensure they observe actual seizure.
Search Protocols for Different Locations
| Location Type | Special Considerations |
|---|---|
| Residence | Female officer required if women present, respect privacy, allow female family member to be present |
| Office/Workplace | Coordinate with management, identify IT personnel, secure server rooms, business continuity |
| Data Center | Technical expert essential, minimize disruption, imaging vs seizure decision, chain of custody |
| Public Cyber Cafe | Identify specific terminal used, preserve CCTV footage, customer records, log files |
| Educational Institution | Coordinate with principal, protect student data, parental notification for minors |
Electronic Evidence Seizure (Electronic Saakshya Jabti)
Seizing electronic evidence requires specialized techniques to preserve data integrity and maintain chain of custody.
Types of Electronic Evidence
Computing Devices
Desktops, laptops, tablets, servers. Document make, model, serial number. Note power state.
Mobile Devices
Smartphones, basic phones, smartwatches. Use Faraday bags immediately. Note IMEI numbers.
Storage Media
Hard drives, SSDs, USB drives, memory cards, optical media. Handle with anti-static precautions.
Network Equipment
Routers, switches, modems, access points. Document configurations before seizure. Preserve logs.
Seizure Procedures for Different Devices
Running Computers
- Do NOT turn off immediately - volatile data may be lost
- Document running processes, open applications
- If trained, capture live memory (RAM dump)
- Photograph screen, note any suspicious activity
- If not technically capable, unplug power cord (desktop) or remove battery (laptop)
- Secure all cables and peripherals
Mobile Phones
- If ON: Enable airplane mode OR place in Faraday bag immediately
- If screen locked: Do not attempt to unlock - may trigger security wipe
- If OFF: Do not turn on - may alter data
- Document IMEI (dial *#06# if accessible)
- Seize charger and SIM cards separately
- Note any associated accounts (Google, Apple ID)
Storage Media
- Use anti-static bags for all storage devices
- Label with serial numbers, capacity, interface type
- Document condition (scratches, damage)
- Never plug into analysis computer directly
- Use write blockers for any examination
Create forensic images of storage media at the earliest opportunity. Original evidence should be preserved untouched. All analysis should be done on forensic copies. This ensures evidence integrity and allows multiple analyses.
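The integrity claim above is normally backed by a cryptographic hash recorded at acquisition and re-checked before each analysis. The following is an added example, not part of the original course material; the function names, file names and sample "image" are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large images do not fill memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def make_working_copy(image_path, copy_path):
    """Copy the forensic image; return (hash recorded at acquisition, copy verified)."""
    acquisition_hash = sha256_file(image_path)
    shutil.copyfile(image_path, copy_path)
    return acquisition_hash, sha256_file(copy_path) == acquisition_hash


def verify(path, recorded_hash):
    """True only if the file still matches the hash recorded at acquisition."""
    return sha256_file(path) == recorded_hash


def demo():
    """Constructed sample: a small stand-in 'image', not real evidence."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "item1.img")
    copy = os.path.join(workdir, "item1_working.img")
    with open(image, "wb") as f:
        f.write(b"CONSTRUCTED SAMPLE DISK IMAGE" * 4096)
    recorded, copy_ok = make_working_copy(image, copy)
    # Simulate an accidental one-byte change to the working copy during analysis.
    with open(copy, "r+b") as f:
        f.seek(100)
        f.write(b"\x00")
    result = (copy_ok, verify(image, recorded), verify(copy, recorded))
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

The recorded hash belongs in the seizure documentation next to the item it describes, so that any later examiner can repeat the check.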
On-Site vs Lab Analysis Decision
| Factor | On-Site Analysis | Lab Analysis |
|---|---|---|
| Volume of Data | Small, manageable | Large, complex |
| Time Pressure | Urgent, time-critical | Detailed, comprehensive |
| Technical Complexity | Basic examination | Advanced forensics needed |
| Resources | Limited equipment available | Full forensic lab access |
| Risk | Higher (controlled environment) | Lower (proper controls) |
Panchnama
Panchnama is a detailed record of search proceedings witnessed by independent witnesses (panchas). It is a crucial legal document that establishes the authenticity of evidence collection.
Purpose of Panchnama
- Provides independent witness to search and seizure
- Documents the entire procedure step by step
- Establishes that evidence was not planted
- Records condition of premises and evidence
- Creates contemporaneous record of events
Essential Contents of Panchnama
Panchnama Format Elements
- Header: Date, time, place, FIR details, warrant reference
- Personnel Details: IO name, designation, accompanying officers, technical experts
- Witness Details: Full particulars of panchas (name, age, address, occupation)
- Premises Description: Complete address, ownership details, occupants present
- Search Narrative: Detailed description of search conducted, room by room
- Seizure List: Each item seized with complete description, serial numbers, condition
- Evidence Handling: How each item was packed, sealed, labeled
- Photograph/Video: Reference to photographs and videos taken
- Statement of Owner/Occupant: Any statement made by premises owner
- Closing Time: Time of completion of search
- Signatures: All persons present, panchas, IO
Pancha Selection Criteria
- Adult citizens (preferably respectable persons from locality)
- Not related to accused or complainant
- Not police personnel or government servants (if possible)
- Able to read and understand proceedings
- Physically present throughout the search
- Willing to testify in court if required
Panchas must be present from beginning to end. They should actually witness the search and seizure, not just sign papers. Their testimony in court is crucial - a pancha turning hostile can damage the prosecution case significantly.
Seizure Memo (Jabti Memo)
The seizure memo is an official document listing all items seized during a search. It serves as proof of what was taken into custody and provides the basis for chain of custody documentation.
Seizure Memo Components
| Component | Details Required |
|---|---|
| Case Reference | FIR number, date, police station, sections |
| Date and Time | Exact date and time of seizure |
| Location | Precise address where seizure conducted |
| Item Description | Make, model, color, condition, identifying marks |
| Serial Numbers | All serial numbers, IMEI, MAC addresses |
| Quantity | Number of items of each type |
| Owner Details | Name of person from whom seized |
| Witness Signatures | Panchas' signatures with full particulars |
| IO Signature | Investigating Officer signature and seal |
Sample Seizure Memo Entry for Electronic Evidence
Example Entry
Item No. 1: One Laptop Computer
Make: Dell | Model: Inspiron 15 | Color: Black
Serial No.: ABC123XYZ456
Service Tag: DEF789
Condition: Used, working, minor scratches on body
Power State at Seizure: Running, password protected login screen
Accessories: Power adapter with serial XYZ, laptop bag
Seized from: Bedroom, wooden desk, first drawer
Packed in: Anti-static bag, sealed with FSL seal
Seal Number: MH/CYB/2024/001
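Identifiers copied by hand are a common source of memo errors, and an IMEI carries a Luhn check digit that catches most transcription slips. The following added example (not from the original course material) checks one memo entry before it is signed; the field names are hypothetical and the sample entry is constructed.

```python
import re

# Field names are hypothetical; they mirror the components table above.
REQUIRED = ("case_reference", "date_time", "location", "item_description",
            "quantity", "owner", "pancha_signatures", "io_signature")
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def imei_is_valid(imei):
    """True if the value is 15 digits and ends in the correct Luhn check digit."""
    digits = re.sub(r"[\s-]", "", imei)
    if not re.fullmatch(r"\d{15}", digits):
        return False
    total = 0
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == 1:  # in a 15-digit number these are the doubled positions
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_entry(entry):
    """Return a list of problems found in one seizure memo entry."""
    problems = [f"missing: {k}" for k in REQUIRED if not entry.get(k)]
    if len(entry.get("pancha_signatures") or []) < 2:
        problems.append("fewer than two pancha signatures")
    for imei in entry.get("imei", []):
        if not imei_is_valid(imei):
            problems.append(f"IMEI fails check digit: {imei}")
    for mac in entry.get("mac", []):
        if not MAC_RE.match(mac):
            problems.append(f"malformed MAC address: {mac}")
    return problems


# Constructed sample entry (not from a real case): a dual-SIM phone whose second
# IMEI was written down with its last two digits swapped.
SAMPLE = {
    "case_reference": "FIR <number>/<year>, <police station>",
    "date_time": "2024-01-15 11:40",
    "location": "Bedroom, wooden desk, first drawer",
    "item_description": "One smartphone, black, screen locked",
    "quantity": 1,
    "owner": "<name of person from whom seized>",
    "pancha_signatures": ["Pancha 1"],
    "io_signature": "",
    "imei": ["490154203237518", "490154203237581"],
    "mac": ["00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D"],
}
```

Running `check_entry(SAMPLE)` reports the missing IO signature, the single pancha signature, the mistranscribed IMEI and the truncated MAC address.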
Best Practices for Seizure Documentation
- Prepare seizure memo in duplicate - one for record, one for occupant
- Use standard forms provided by department
- Be specific and detailed in descriptions
- Include photographs of each seized item
- Cross-reference with panchnama
- Obtain signature of person from whom seized
- If person refuses to sign, record refusal with witness signatures
- Always obtain search warrant except in clearly defined emergency situations
- Include technical experts and proper witnesses in search team
- Electronic evidence requires specialized handling - never alter power state casually
- Panchnama must have independent witnesses present throughout the search
- Seizure memo must document each item with complete identifying details
- Proper documentation ensures evidence admissibility in court