Case Study: Court-Admissible WhatsApp Forensics for Mumbai Corporate Fraud

The situation

A Mumbai-listed midcap company (we'll call them "TraderCo") had board-level concerns about procurement irregularities. Multiple vendor contracts had been awarded at above-market rates to firms with apparent connections to the procurement head. The audit committee engaged outside counsel; outside counsel engaged Bachao.AI for the forensic investigation.

Constraints:

1. The procurement head was still employed and unaware
2. Evidence had to be acquired without alerting the subject
3. Findings would potentially be used in: (a) internal termination proceeding, (b) civil recovery suit, (c) potential criminal complaint
4. Section 65B certified evidence was essential
5. 6-week timeline before the board needed conclusions

Acquisition (Week 1)

Coordinated with counsel and HR, Bachao.AI's forensic team acquired:

On-site over a weekend (subject travelling):

1. Company-issued laptop (full disk forensic image with write-blocker)
2. Company-issued phone (full physical acquisition via Cellebrite)
3. Backup tapes for the procurement department's shared drive

1. Microsoft 365 mailbox (full export including deleted items)
2. Slack workspace (subject's messages + DMs)
3. Company VPN logs for the past 18 months

1. Subject had voluntarily provided phone access to HR for an unrelated matter 4 months prior
2. HR's prior phone backup contained pre-litigation snapshot
3. Bachao.AI forensic team validated the prior backup against current state using hash comparison

Analysis (Weeks 2–4)

WhatsApp forensics on company phone:

1. Full chat history recovered including 7 deleted conversations
2. Counterparties identified through phone number-to-VPA-to-PAN correlation
3. 4 conversations with vendor representatives showed pricing discussions inconsistent with the formal procurement record
4. 2 conversations contained explicit references to "commission" and "share"

1. 14 additional vendor conversations not visible on company phone
2. Multiple conversations with one specific vendor mentioning amounts that correlated with bank transfer records (obtained separately via court process)

1. 23 emails between subject and vendor representatives outside company email policy
2. 8 emails containing pricing details that pre-dated formal vendor responses by 3–7 days (indicating leaked information)
3. Auto-forwarding rule discovered on subject's mailbox redirecting procurement notifications to a personal email — set up 14 months before the investigation began

1. Email + WhatsApp + Slack messages reconstructed into a unified chronological timeline
2. Patterns showed coordinated vendor scoring (subject's emails timed to align with vendor proposal submissions)
3. Total estimated procurement irregularity: ₹14.7 crore over 18 months

Reporting (Weeks 5–6)

The deliverables to outside counsel:

1. 240-page forensic report with full methodology
2. Section 65B certificates for every electronic record cited (23 certificates)
3. Hash registry with verification commands for every artefact
4. Chain-of-custody log (240 entries across the engagement)
5. Forensic image of every device preserved in Bachao.AI evidence locker
6. Expert witness availability declaration

What happened

The findings were presented to TraderCo's board with outside counsel. Decision: terminate subject with cause, refer matter to civil arbitration for recovery, file criminal complaint with EOW Mumbai.

Civil arbitration:

1. TraderCo's case relied heavily on the Bachao.AI forensic evidence
2. Counsel for the subject challenged the Section 65B certification
3. Bachao.AI forensic lead testified as expert witness for 2 days
4. Cross-examination focused on chain of custody and acquisition methodology
5. Arbitrator accepted the evidence; awarded ₹9.2 crore recovery against subject

1. EOW Mumbai accepted the forensic evidence under proper Section 65B
2. Bachao.AI forensic team coordinated with EOW for evidence handover with full chain of custody
3. Proceedings ongoing at the time of this case study publication

What it cost

What TraderCo's outside counsel said

"Forensic evidence is only as good as the chain of custody and the Section 65B certification. Bachao's methodology survived cross-examination from an experienced opposing counsel. The arbitrator's acceptance speaks for itself. The team understood not just the technology but the legal context — that's rare in cyber forensics."

Pattern this engagement followed

Common shape for Bachao.AI's cyber forensics engagements:

1. Internal investigation triggered by board / audit committee
2. Subject still employed; discreet acquisition required
3. Evidence likely to be used in legal proceedings
4. Section 65B certification essential
5. Expert witness availability needed

Schedule the forensics scoping call →

Related: Cyber Forensics India Methodology · Digital Forensics for Indian Law Firms