Tampering with Computer Source Documents - Sec. 65 (IT Act)

Section 65 of the IT Act covers tampering with computer source documents. Learn what counts as source code, what must be proven, and what evidence usually matters.

May 21, 2012

Section 65 of the Information Technology Act, 2000 deals with tampering with computer source documents. In plain terms, it targets deliberate concealment, destruction, or alteration of source code that a person is legally required to keep or maintain.

Section 65 (IT Act): tampering with computer source documents

The text commonly cited for Section 65 states that whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer programme, computer system, or computer network, when that source code is required to be kept or maintained by law, can be punished with imprisonment up to three years, or a fine up to two lakh rupees, or both.

What counts as "computer source code" under the explanation

The section's explanation defines computer source code as the listing of programmes, computer commands, design and layout, and programme analysis of a computer resource in any form.

What must usually be shown for a Section 65 allegation

  • Intent: the act was knowing or intentional, not accidental loss.
  • An act of tampering: concealment, destruction, or alteration.
  • Legal requirement: the source code (or the specific records treated as source documents) was required to be kept or maintained by law in that context.

Where this comes up in real-world incidents

Section 65 is often discussed alongside investigations where a system was altered after an event. Examples include code or configuration changes that affect what logs show, deletion of build artefacts, or changes that make it harder to reconstruct what happened on a critical server.

For businesses, the risk is not only the incident itself. It is also what happens after, when teams scramble and important artefacts get overwritten. If you are responding to an incident, preserve first, fix second.

Evidence that typically matters

  • Forensic images and hash values: to show integrity of the collected data.
  • Version control history: commit logs, branches, and access trails.
  • Change management records: tickets, approvals, deployment logs.
  • Backups and snapshots: to compare before and after states.
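To make the hash-value and before/after comparison items above concrete, here is an added example (not part of the original page): a SHA-256 manifest of a preserved source tree, compared against a later state to list files that were altered, are missing, or were added. The function names and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large artefacts do not exhaust memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare_manifests(before, after):
    """Classify differences between a baseline manifest and a later one."""
    return {
        "altered": sorted(p for p in before if p in after and before[p] != after[p]),
        "missing": sorted(p for p in before if p not in after),
        "added": sorted(p for p in after if p not in before),
    }


def demo():
    """Constructed sample tree: snapshot it, change it, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "billing.py").write_text("RATE = 0.18\n")
        (root / "src" / "audit.py").write_text("LOG_ENABLED = True\n")
        (root / "deploy.cfg").write_text("log_level=info\n")
        before = build_manifest(root)

        # Simulated post-incident changes to the constructed files.
        (root / "src" / "audit.py").write_text("LOG_ENABLED = False\n")
        (root / "deploy.cfg").unlink()
        (root / "src" / "hotfix.py").write_text("pass\n")
        after = build_manifest(root)
        return compare_manifests(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real case the baseline manifest would be built from a backup or a forensic image mounted read-only, with the manifest file itself hashed and stored separately from the system under investigation.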

If you need a practical overview of how evidence is collected and preserved, see the computer forensics process and hard drive imaging services. For legal framing and next steps, cyber law in India is a useful starting point.

Need help preserving source-code evidence?

If you are preparing for a complaint, audit, or internal investigation and need to lock down artefacts without contaminating evidence, contact our team to plan a preservation-first approach.
