Indian Kanoon - Search engine for Indian Law

56. Expert witnesses were examined by both the parties. DW3 is a Cyber Security Analyst. He was engaged to provide services of cyber security to Plus Max Group of Companies and to find out whether any attack on the system of the company occurred or it was from the end of Dynamic Brands. During the process, he had taken access to emails of [email protected] and [email protected] and analyzed the same. He sought metadata of emails dated 04.08.2020 received from [email protected] and replied to all by Ashok Kumar through [email protected] and checked all the subsequent trail emails. He found that email dated 04.08.2020 was sent from [email protected] at 08:30:50 to [email protected] and CC to [email protected], [email protected] and [email protected]. Further in reply to the sender marked [email protected]. In this way, when Ashok Kumar replied the email by selecting the option ' Reply to All' , the emails were sent to the emails addresses already marked by the sender of email [email protected] dated 04.08.2020 at 08:30:50. Accordingly, the trail mails were received and sent by selecting the option of 'Reply to all' from both the sides. It was deposed by DW3 that from comparison of metadata and emails addresses on the emails, nothing had been changed or altered from the side of Plus Max Group of Companies and it responded only on the email originally sent through [email protected] . Report was placed on record as Ex. DW3/2.

57. This witness however stated that he was neither the author of report Ex.DW3/2 nor the part of the team which prepared the said report, though he sought to clarify that he had verified the said report. He conceded that analysis referred in the report Ex. DW3/2 was not conducted in his presence and he was told by his senior about the analysis conducted. He had taken the printouts of Meta data Ex. DW3/4 and Ex. DW3/5 by remotely connecting himself with the email account of the defendants in its computer system. He admitted that the metadata and the header, the printout of which he had taken using his system, was there in the email account of the defendants. He also admitted that he had not mentioned the methodology or the steps taken to analyze the metadata in his affidavit Ex. DW3/X. He further admitted that the metadata and the email headers are created at the moment the mail is received in the inbox and that there was gap of three years between the date when the metadata and the email header was created and the date when the printout of the same was taken by him. He admitted that he had not mentioned any methodology used to ensure that the metadata and email headers were not tampered between the said period when the same was with the defendants. But sought to clarify that the metadata and email headers were downloaded directly from the google server and hence there was no chance of tampering.

58. DW3 further admitted that when metadata is downloaded from the google server, a separate file is created for metadata pertaining to each email. If the metadata pertains to single email, a single metadata file will be downloaded but if it pertains to loop of mails, then metadata of entire loop will be downloaded. He admitted that Ex. DW3/4 comprises of five separate metadata files for five separate emails and for proper analysis of an email, the complete analysis of entire metadata is required. This witness was put question that metadata pertaining to email dated 04.08.2020 at 08:30 consisted of total of 91 pages as mentioned in the footer at point 'A', however only four pages thereof have been filed on record, to which he answered that he has filed four pages because the same were only relevant as per the screenshot which also mentions the time of the email.

67. PW2 further stated that he had checked the metadata of email ID referred by him in report Ex. PW2/A and denied that he had not annexed any document related to metadata as the email flow in respect of entire trail mail was saved in the metadata.

68. From the examination of witnesses as noted above and perusal of the expert report, it can be concluded that email pertaining to change of details had not been sent by plaintiff and defendants had sent reply to the different email IDs and also followed the instructions of the sender from fake email address. Thereby it was the defendant who was the victim of cyber fraud.