Part 1 of 7

First Information Report (FIR) for Cyber Crimes

🕑 90-120 minutes 📖 Practical Focus 📋 Module 5

Introduction to FIR in Cyber Crime Cases

The First Information Report (FIR) is the foundational document of any criminal investigation in India. In cyber crime cases, drafting an FIR requires special attention to technical details, digital evidence descriptions, and proper legal section citations. A well-drafted FIR not only sets the investigation in the right direction but also forms the basis for successful prosecution.

📚 Legal Definition

An FIR is the information recorded by a police officer about a cognizable offense under Section 173 of BNSS (Bharatiya Nagarik Suraksha Sanhita), 2023 (formerly Section 154 CrPC). It is the first step towards initiating criminal proceedings.

🛠 Practical Tool Available

Use the FIR Draft Generator Tool to create professionally formatted FIR drafts for various cyber crime categories with proper legal sections and essential technical details.

BNSS Section 173: Information in Cognizable Cases

Under the new Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, Section 173 governs the registration of FIR:

  • Section 173(1): Mandatory registration when information relates to commission of cognizable offense
  • Section 173(2): FIR to be reduced to writing, read over to informant, and signed
  • Section 173(3): Free copy of FIR to be given to informant
  • Section 173(4): Provision for electronic FIR (e-FIR) and suo motu registration

Important Change in BNSS

BNSS Section 173(4) explicitly recognizes electronic filing of FIR (e-FIR), which was previously allowed through administrative orders but now has statutory backing. This is particularly relevant for cyber crime reporting.

Key Legal Provisions for Cyber Crime FIRs

| Provision | BNSS Section | Purpose |
| --- | --- | --- |
| FIR Registration | Section 173 | Recording information of cognizable offense |
| Zero FIR | Section 173(1) | Registration at any police station irrespective of jurisdiction |
| e-FIR | Section 173(4) | Electronic filing of FIR |
| Preliminary Enquiry | Section 173(3) | Enquiry before FIR in specified cases (up to 14 days) |

Zero FIR: A Powerful Tool for Cyber Crimes

Zero FIR is particularly important for cyber crimes due to their inherently borderless nature. Victims can lodge complaints at any police station, which then forwards it to the appropriate jurisdiction.

What is Zero FIR?

An FIR registered at any police station irrespective of the area where the offense was committed. The FIR number is assigned as "0" initially and renumbered at the concerned police station.

Jurisdictional Transfer

After recording Zero FIR, it must be transferred to the police station having territorial jurisdiction within 24 hours for investigation.

Importance in Cyber Crime

Since cyber crimes often originate from different jurisdictions or even foreign countries, Zero FIR ensures immediate registration without jurisdictional delays.

Time-Sensitive Evidence

Quick registration through Zero FIR enables immediate preservation requests to service providers before digital evidence is deleted or overwritten.

💡 Practical Example

A victim in Delhi receives a phishing call from a number traced to Jamtara, Jharkhand. The victim can lodge a Zero FIR at the nearest police station in Delhi. The Delhi police record the FIR with the number "0" and transfer it to the concerned Cyber PS in Jharkhand. Meanwhile, the Delhi police can immediately issue a preservation request to the telecom provider.

Electronic FIR (e-FIR) under BNSS

The BNSS formally recognizes electronic FIR filing, making it easier for cyber crime victims to report offenses without physically visiting a police station.

Channels for e-FIR Registration

  • National Cyber Crime Reporting Portal (NCRP): cybercrime.gov.in - Primary channel for cyber crime reporting
  • State Police Portals: Many states have their own e-FIR systems integrated with NCRP
  • Helpline 1930: Financial fraud can be reported via helpline for immediate action
  • Mobile Apps: State police apps enabling online complaint registration

e-FIR Process Flow

  1. Online Complaint Registration: Victim files complaint on NCRP portal with details of the offense, supporting documents, and digital evidence (screenshots, transaction records, etc.)
  2. Acknowledgment Number: System generates a unique acknowledgment number for tracking. This is NOT the FIR number yet.
  3. Police Review: Concerned police station reviews the complaint and may contact complainant for additional information.
  4. FIR Conversion: If cognizable offense is disclosed, the complaint is converted to FIR and assigned a proper FIR number.
  5. Investigation Commencement: IO is assigned and investigation begins. FIR copy sent to complainant electronically.

Essential Elements of Cyber Crime FIR

A well-drafted cyber crime FIR must contain specific technical and legal elements to ensure effective investigation and prosecution.

Mandatory Information

Complainant Details

Full name, address, contact number, email, Aadhaar (optional), relationship with victim if different from complainant.

Date, Time & Place

Exact date and time of incident (with timezone), location of victim when offense occurred, and location of digital device used.

Detailed Narrative

Chronological description of events, modus operandi of accused, how the crime was discovered, and actions taken by victim.

Loss/Damage Details

Financial loss amount, property affected, data compromised, reputational damage, and emotional distress suffered.

Technical Details (Critical for Cyber Crimes)

| Category | Details to Include |
| --- | --- |
| Device Information | Device type, make, model, IMEI/serial number, OS version, IP address (if known) |
| Account Information | Email accounts, social media handles, banking accounts, UPI IDs involved |
| Communication Evidence | Phone numbers used by accused, email addresses, chat platforms, URLs/links |
| Transaction Details | Bank account numbers, transaction IDs, UPI transaction references, cryptocurrency wallet addresses |
| Digital Evidence | Screenshots, call recordings, message logs, email headers, digital receipts |

Legal Sections to be Cited

The FIR must cite appropriate sections based on the nature of the offense. Common sections for cyber crimes include:

| Offense Type | IT Act Sections | BNS Sections |
| --- | --- | --- |
| Unauthorized Access/Hacking | 66 | 303 (Data theft) |
| Identity Theft | 66C | 318 (Cheating by personation) |
| Cyber Fraud/Cheating | 66D | 316, 318, 319 (Cheating provisions) |
| Obscene Content | 67, 67A, 67B | 292, 294 BNS |
| Cyber Stalking | 66A (struck down), 67 | 351 (Criminal intimidation) |
| Data Breach | 43, 66 | 303 (Data theft) |
| Cyber Terrorism | 66F | 113 BNS (Terrorist act) |

FIR Drafting Guidelines for Common Cyber Crimes

1. Online Financial Fraud (UPI/Banking)

I, [Complainant Name], resident of [Full Address], working as [Occupation], hereby lodge this complaint:

On [Date] at approximately [Time], I received a phone call from mobile number [+91-XXXXXXXXXX]. The caller identified himself as [Name claimed] from [Bank/Company name] and stated that my [ATM card/account] needs to be updated/verified urgently.

The caller created urgency stating that my account would be blocked if not updated immediately. Under this pretext, the caller obtained:
- My ATM card number: [Card Number - partially masked]
- CVV: [XXX]
- OTP received on my mobile: [XXXXXX]

Subsequently, the following unauthorized transactions occurred from my account:
1. Transaction ID: [TXN ID] | Amount: Rs. [Amount] | Time: [HH:MM]
2. [Additional transactions if any]

Total Financial Loss: Rs. [Total Amount] (Rupees [In Words])

My Bank Account Details:
- Bank: [Bank Name]
- Account No: [Account Number]
- Branch: [Branch Name]
- IFSC: [IFSC Code]

I have informed my bank and blocked the card.

I request appropriate action under Sections 66C, 66D of IT Act 2000 and Sections 316, 318, 319 of BNS 2023.

Evidence Attached:
1. Bank statement showing unauthorized transactions
2. Screenshot of call log showing fraudulent number
3. SMS screenshots of OTPs and transaction alerts

2. Social Media Impersonation/Defamation

I, [Complainant Name], hereby lodge this complaint regarding fake social media account and defamatory content:

On [Date], I discovered a fake account on [Platform - Instagram/Facebook/X] impersonating me:

Fake Account Details:
- Profile URL: [Complete URL]
- Username: [@username]
- Account Name: [Display Name]
- Followers/Following: [Numbers if visible]

The account has been posting:
1. Defamatory content stating [Brief description of defamatory posts]
2. Morphed photographs of me obtained from [Source if known]
3. Messages to my contacts soliciting money/spreading misinformation

This has caused:
- Damage to my personal and professional reputation
- Mental harassment and emotional distress
- [Specific harm suffered]

I suspect the accused to be [Name if known] because [Reasons for suspicion].
OR
The accused is unknown and I request investigation to identify them.

I request action under Sections 66C (Identity Theft), 67 (Obscene content if applicable) of IT Act 2000, and Sections 351 (Criminal Intimidation), 356 (Defamation) of BNS 2023.

Evidence:
1. Screenshots of fake profile with timestamps
2. Screenshots of defamatory posts
3. My genuine profile for comparison
4. Communications received from contacts about fake account

3. Ransomware/Hacking Attack

I, [Complainant Name], [Designation] of [Organization Name], hereby report a cyber attack:

On [Date] at approximately [Time], our organization's computer systems were compromised:

Systems Affected:
- Number of computers/servers: [Count]
- IP addresses: [Range or specific IPs]
- Operating Systems: [Windows/Linux versions]

Nature of Attack:
[Ransomware Name if identified] encrypted all files with extension [.xxx]
A ransom note appeared demanding [Amount in Bitcoin/INR]

Ransom Note Details:
- Bitcoin wallet address: [Wallet Address]
- Contact email: [Attacker's email]
- Deadline given: [Date/Time]

Data Compromised:
- Customer records: [Approximate count]
- Financial data: [Description]
- Proprietary information: [Description]

Estimated Business Loss: Rs. [Amount]

Immediate Actions Taken:
1. Disconnected affected systems from network
2. Informed CERT-In
3. Engaged incident response team
4. Preserved system logs and memory dumps

I request urgent investigation under Sections 43, 66, 66F of IT Act 2000 and Section 303 of BNS 2023.

Evidence Preserved:
1. System logs and event logs
2. Screenshots of ransom note
3. Memory dumps of affected systems
4. Network traffic logs
5. Firewall logs

Common Mistakes to Avoid in Cyber Crime FIRs

Critical Errors That Weaken Cases

  • Vague Description: Writing "I was cheated online" without specific details of modus operandi
  • Missing Technical Data: Not including phone numbers, URLs, transaction IDs, or IP addresses
  • Wrong Section Citation: Citing Section 66A (struck down) or inapplicable sections
  • Delayed Reporting: Not mentioning when offense was discovered vs. when it occurred
  • Missing Timeline: Not providing chronological sequence of events with dates and times
  • Incomplete Financial Details: Not specifying exact amounts, account numbers, or transaction references
  • No Evidence Mention: Not listing available digital evidence like screenshots or call recordings
  • Jurisdictional Confusion: Not clarifying where the victim was located during the offense

Post-FIR Procedures

Immediate Actions After FIR Registration

  1. Obtain FIR Copy: Collect the certified copy of FIR immediately. Under BNSS Section 173(3), a free copy must be provided to the informant.
  2. Note Investigation Officer Details: Record the name, designation, and contact details of the assigned Investigation Officer for future coordination.
  3. Preservation Requests: Ensure IO immediately issues preservation requests to relevant service providers to prevent evidence deletion.
  4. Bank/Financial Institution Notification: Formally inform banks to freeze suspicious accounts and preserve transaction records.
  5. Follow-up Schedule: Establish a follow-up schedule with IO and maintain communication log of all interactions.

📚 Key Takeaways

  • BNSS Section 173 governs FIR registration with explicit recognition of e-FIR
  • Zero FIR is crucial for cyber crimes - report at nearest police station without jurisdictional delays
  • Include comprehensive technical details: phone numbers, URLs, IP addresses, transaction IDs
  • Cite correct legal sections - both IT Act and BNS provisions as applicable
  • Attach all available digital evidence with the FIR
  • Use the NCRP portal (cybercrime.gov.in) for e-FIR registration
  • Time is critical - delayed reporting leads to evidence loss
  • Always obtain a certified copy of the FIR immediately after registration