Crypto, Dark Web and Beyond: CBDT’s New-Age Tools for Search & Seizure

The character of tax enforcement in India has undergone a profound transformation in the past decade. Where once the quintessential search meant officers descending on premises to uncover hidden books of accounts or unaccounted cash, the reality of the modern economy demands something far more sophisticated. In 2025, the Central Board of Direct Taxes (CBDT) updated its Search & Seizure Manual, explicitly recognising that evidence today is predominantly digital in nature and that investigations must therefore be anchored in technology.

This detailed article explores the new-age technologies, tools, and methods highlighted in the manual, with references to the relevant pages, and situates them within the broader policy context.

1. Why the 2025 Update Was Necessary

The manual’s foreword candidly notes that the Department’s existing Digital Evidence Investigation Manual (2014) was outdated. With rapid advancements in cloud storage, encrypted communications, and virtual digital assets (VDAs), earlier guidelines could not keep pace. The new manual explicitly aligns investigative protocols with:

• the Information Technology Act, 2000;
• the Digital Personal Data Protection Act, 2023; and
• the Bharatiya Sakshya Adhiniyam, 2023.

This triad ensures that procedures around seizure, preservation, and admissibility of digital evidence remain lawful and robust (Foreword, p.1).

The shift reflects global enforcement trends. Tax agencies worldwide—from the US IRS Criminal Investigation to HMRC in the UK—are deploying data analytics, AI, and cyber-forensic tools. CBDT’s recognition of the same is both inevitable and commendable.

2. The Expanding Investigative Toolkit

2.1 NATGRID: Multi-Source Data Fusion

NATGRID (National Intelligence Grid) is at the heart of the Department’s pre-search intelligence arsenal. It consolidates data from banks, airlines, railways, telecom operators, FASTag, immigration authorities, and vehicle registries. For investigators, this means:

• retrieving PAN-linked bank accounts across institutions,
• mapping FASTag travel routes to identify high-value vehicle movements,
• accessing railway ticket histories to track frequent travel, and
• obtaining immigration data to verify foreign trips.

Such insights allow officers to build robust pre-search dossiers, narrowing the scope of searches and reducing disruption (Manual, §1.4.1.2.8(a), pp.20–21)

2.2 Corporate Data Management (CDM)

The Corporate Data Management (CDM) system aggregates Ministry of Corporate Affairs (MCA-21) filings into analyzable formats. This enables officers to:

• track a person’s past directorships;
• identify struck-off companies used as conduits; and
• unravel networks of shell entities linked by common addresses or directors.

Shell companies have historically been used to layer transactions and launder funds. By harnessing CDM, investigators can pierce these structures swiftly (Manual, §1.4.1.2.8(b), p.20)

2.3 DIP and ASTR: Telecom Intelligence at Scale

The Digital Intelligence Platform (DIP), powered by the Department of Telecommunications, gives investigators access to subscriber details and telecom footprints. The integration of:

• TAFCOP (Telecom Analytics for Fraud Management and Consumer Protection); and
• ASTR (AI-based facial recognition module),

enables verification of SIM ownership and detection of fraudulent connections. Further, the Mobile Number Revocation List (MNRL) allows officers to flag numbers that have been deactivated or re-issued, a common tactic to evade detection (Manual, §1.4.1.2.8(c), p.21)

This has direct operational relevance: mapping communication networks between suspected tax evaders and their intermediaries.

2.4 Dark-Web Data Access Tool (DDAT)

Perhaps the most striking inclusion is the Dark-web Data Access Tool (DDAT) developed by C-DAC, Hyderabad. Traditionally beyond the reach of mainstream browsers, the dark web hosts illicit marketplaces, forums, and leaks. The tool permits:

• controlled and anonymised access to dark-web resources;
• monitoring of cryptocurrency exchanges or illicit service providers; and
• retrieval of compromised data relevant to taxpayers.

The manual confirms that user credentials have already been issued to Investigation Directorates (Manual, §1.4.1.2.8(d), p.21)

Press reports corroborate this, noting CBDT’s broader push to trace offshore servers, AI-platform data, and dark-web activity.

2.5 Insight and i-Search: Domestic Data Mining

The Insight portal consolidates income-tax returns, Statements of Financial Transactions (SFTs), Annual Information Statements (AIS), and third-party feeds. Its i-Search functionality enables officers to:

• match PANs, names, and addresses;
• identify common mobile numbers across taxpayers; and
• link directorships and asset holdings.

Such link analysis is crucial in uncovering hidden relationships before a raid is authorised (Manual, §1.4.1.1.1, pp.13–14).

2.6 FINnet 2.0 and FIU Integration

The Department’s access to FINnet 2.0, the Financial Intelligence Unit’s upgraded reporting platform, further strengthens investigations. Through STRs (Suspicious Transaction Reports) and CTRs (Cash Transaction Reports), investigators receive:

• real-time intelligence on unusual financial flows, and
• targeted case-specific reports upon request.

The manual notes that FIU outputs are routed through the Insight portal, and user manuals for FINnet 2.0 have been distributed (Manual, §1.4.1.2.3, p.13).

2.7 Digital Intelligence & Analytics Labs (DIALs)

Given the volume of data seized in modern searches—ranging from hard drives to cloud accounts—CBDT has established Digital Intelligence & Analytics Labs (DIALs). These labs provide:

• forensic imaging and secure storage of devices,
• advanced dashboards for analytics,
• AI/ML-based link detection, and
• integration with Cyber Forensics Labs (CFLs).

The manual explicitly records that DIALs are being rolled out across India to supplement the Department’s investigative capacity (Manual, §3.17, p.100). Recent reports highlight operational labs in Hyderabad and Patna, with more planned.

3. Special Focus: Virtual Digital Assets (VDAs)

Section 2.21 of the manual introduces guidance for cryptocurrencies and other VDAs. Officers are advised to:

• look for hardware wallets (Ledger, Trezor);
• secure seed phrases, QR codes, or paper wallets;
• seize mining rigs; and
• scan devices for crypto-related apps (Trust Wallet, OpenSea, Binance, etc.).

When VDAs are suspected, immediate control-room notification and forensic handling are mandated (Manual, §2.21, pp.59–60).

This section reflects India’s growing concern with crypto-linked tax evasion, aligning with global enforcement trends.

4. Digital Forensics Protocols

Beyond intelligence platforms, the manual stresses forensic rigour. Officers must:

• create forensic images rather than accessing devices directly;
• generate and preserve hash values;
• store data in sanitised secure environments; and
• maintain chain of custody logs.

These steps ensure that digital evidence remains admissible and credible in judicial proceedings (Manual, §3.17, p.100)

5. Legal and Privacy Safeguards

The manual underscores the importance of legality and proportionality. Key provisions include:

• Section 138 of the Income-tax Act: controlling inter-agency sharing of taxpayer data;
• IT Act, DPDP Act, and Bharatiya Sakshya Adhiniyam: ensuring lawful seizure, storage, and presentation of evidence;
• caution against over-collection of personal data or misuse of dark-web monitoring.

Chapter 9 specifically requires approvals for sharing intelligence with other law enforcement agencies (Manual, Ch.9, pp.135–139).

6. Broader Implications and Risks

The CBDT’s toolkit now rivals that of specialised cyber-crime units. By integrating NATGRID, DIP, DDAT, Insight, and DIALs, the Department can trace even the most sophisticated evasion strategies. Yet, this transformation raises concerns:

• Privacy: taxpayer data must be shielded from overreach or leaks;
• Judicial oversight: technology must not erode procedural safeguards;
• Evidentiary admissibility: mishandling of digital evidence could render it unusable in court.

Balancing investigative effectiveness with civil liberties will be critical as these systems mature.

Conclusion

The Search & Seizure Manual, 2025 represents a watershed moment in Indian tax enforcement. By embracing technologies such as NATGRID, DIP, DDAT, FINnet 2.0, and DIALs, the Income Tax Department has re-equipped itself for the digital age. At the same time, its emphasis on compliance with the DPDP Act and evidence law shows an awareness of privacy and due process concerns.

Going forward, the challenge lies in judicious application—ensuring that technology empowers enforcement without undermining taxpayer rights or the rule of law. If successfully implemented, CBDT’s digital leap could set a benchmark for investigative agencies across the globe.