The traditional framework of the law of evidence has been permanently altered by the digital revolution. In contemporary litigation, a significant portion of commercial disputes, criminal prosecutions, and family law matters rely on electronic data. Text messages exchanged on instant messaging applications, digital image captures of websites, and system log files generated by enterprise network architectures are routinely introduced into judicial proceedings.
However, the nature of digital data introduces significant legal vulnerabilities. Digital files are intangible, easily altered, and prone to deletion or tampering without leaving obvious physical traces. In the Turkish legal system, simply presenting a standard printout of a chat screen or a text file containing server data is no longer sufficient to secure a favorable judgment.
For a piece of electronic data to function as admissible digital evidence (dijital delil), legal practitioners must carefully navigate the complex rules of authenticity, chain of custody, and systemic integrity.
This comprehensive legal guide provides an exhaustive analysis of the statutory mechanisms, digital forensic standards, and evidentiary rules governing the introduction of screenshots, message logs, and server files under Turkish procedural law.
1. The Statutory Framework: Digital Evidence as Electronic Data under Turkish Law
To successfully introduce digital evidence into a Turkish court, counsel must first establish its proper statutory classification under relevant procedural codes.
A. The Doctrine of Document Evidence under the Civil Procedure Code (HMK)
In civil and commercial litigation, Article 199 of the Turkish Code of Civil Procedure (HMK) establishes the foundational definition of a document (Belge).
Article 199 HMK: “Data structures such as written or printed text, sounds, images, or electronic records that are suitable for proving a disputed fact are considered documents.”
Under this broad definition, electronic mail messages, database records, and instant messaging transcripts are legally recognized as documents. However, their evidentiary weight depends on whether they are classified as conclusive evidence (kesin delil) or discretionary evidence (takdiri delil).
If a digital record is secured with a qualified electronic signature (güvenli elektronik imza) under Law No. 5070, it is treated as conclusive evidence, holding the same legal weight as a notarized document. Without an electronic signature, basic screenshots and unverified message logs are classified as discretionary evidence, meaning the judge evaluates them alongside other supporting elements.
B. Free Evaluation of Evidence under the Criminal Procedure Code (CMK)
In criminal litigation, Article 217 of the Turkish Code of Criminal Procedure (CMK) grants judges the authority to freely evaluate all evidence that has been lawfully obtained.
Unlike civil litigation, which places statutory limits on when certain types of evidence are required based on the financial value of a dispute, criminal courts can accept any digital data stream provided it was secured in strict compliance with constitutional protections and privacy laws. Any digital evidence obtained via unlawful searches or without proper judicial warrants is strictly inadmissible under Article 217(2) of the CMK and Article 38 of the Turkish Constitution.
2. Authentication of Digital Screenshots: Overcoming the “Tampering” Defense
Digital screenshots (ekran görüntüleri) are the most common yet most legally vulnerable type of electronic evidence used in modern courts. Whether proving an online insult case under Article 125 of the Turkish Penal Code (TCK) or a violation of personality rights under Article 9 of Law No. 5651, screenshots are frequently introduced to capture a fleeting digital event.
┌─────────────────────────────────────────┐
│ THE EVOLVING STATUS OF SCREENSHOTS │
└────────────────────┬────────────────────┘
│
┌─────────────────────────────┴─────────────────────────────┐
▼ ▼
┌─────────────────────────────────┐ ┌─────────────────────────────────┐
│ THE TRADITIONAL DEFENSE │ │ MODERN FORENSIC PROTOCOLS │
├─────────────────────────────────┤ ├─────────────────────────────────┤
│ • Adverse parties argue that a │ │ • Secure cryptographic hash │
│ standard .png or .jpeg file │ │ values (e.g., SHA-256). │
│ was manipulated via software. │ │ • Utilize official e-Notary │
│ • Unverified captures face risk │ │ registries to create an │
│ of judicial rejection. │ │ immutable time anchor. │
└─────────────────────────────────┘ └─────────────────────────────────┘
The Problem of Digital Manipulation
The central legal challenge to a standard screenshot is its lack of inherent integrity. A tech-savvy individual can easily modify a webpage’s visible text using built-in browser developer tools in seconds, capturing an image of a false statement without altering the actual server data. Consequently, the Turkish Court of Cassation (Yargıtay) increasingly rules that simple, unverified screenshots are insufficient on their own to support a conviction or a civil liability award if the opposing party formally disputes their authenticity.
Best Practices for Forensic Admissibility
To ensure a screenshot is accepted as reliable evidence, legal counsel must use advanced digital preservation methods:
- The e-Notary Documentation System (e-Noter Tespitleri): The Union of Notaries of Türkiye (Türkiye Noterler Birliği) operates an electronic portal that allows users to record live website data. An attorney can log in using their secure e-signature, access the offending URL through the notary portal, and generate a legally binding archival certificate that authenticates the exact content of the page at that specific moment.
- Cryptographic Hash Value Calculations ($SHA-256$/$MD5$): When saving a screenshot file, it should immediately be processed through a cryptographic algorithm to generate a unique digital fingerprint or hash value. Any subsequent attempt to modify even a single pixel in the image will completely change the resulting hash value, allowing forensic experts to easily prove that the file has remained unaltered since the moment it was recorded.
- Comprehensive Metadata Retention: Screenshots should never be cropped or compressed. The complete system interface—including the operating system clock, full URL path bar, browser details, and network connection status—must remain visible within the image file.
3. Admissibility of Instant Messaging Logs: WhatsApp, Telegram, and iMessage
Instant messaging platforms have largely replaced traditional communication channels in both personal relationships and business operations. Introducing chat histories from applications like WhatsApp or Telegram into a legal proceeding requires navigating specific evidentiary hurdles.
The Verification and Chain of Custody Pipeline
1.Export Raw Chat Databases and Cryptographic Keys:Initial Collection.
Do not rely on copy-pasting text into a word document. Use the platform’s native export functions to secure the raw data structure, including the full .txt or .json transaction logs, associated media attachments, and unique participant account identification strings.
2.Judicial Inspection of the Source Device (Mevcut Cihaz İncelemesi):Physical Verification.
Whenever possible, present the physical smartphone or computer that received the messages directly to the court clerk or an appointed forensic expert. The expert will cross-reference the live application data with the exported logs to verify their authenticity.
3.Forensic Cloud Integration and Backup Matching:Technical Validation.
If the physical device is lost or damaged, secure certified copies of cloud backups (such as iCloud or Google Drive) that contain the encrypted database files, ensuring the digital signatures match the platform’s operational telemetry.
4.Judicial Admission and Evaluation Under HMK Article 202:Legal Admissibility.
Once authenticated, if the chat log does not meet the criteria for conclusive evidence on its own, position the verified conversation as a “Delil Başlangıcı” (Inception of Evidence) under Article 202 of the HMK, allowing you to introduce supporting oral testimony or circumstantial evidence.
The Doctrine of Inception of Evidence (Delil Başlangıcı) Under HMK Article 202
In commercial disputes where the financial value exceeds the statutory threshold for oral testimony, agreements must generally be proved using written documents. However, under Article 202 of the HMK, if a party introduces an electronic message log that originated from the opposing party and makes the disputed claim highly probable, it is classified as an Inception of Evidence (Delil Başlangıcı). This status opens the door for the party to introduce supportive witness testimonies or circumstantial evidence to fully prove their case.
Privacy and Consent Issues in Criminal Cases
A critical rule in criminal proceedings is that message logs must be obtained without violating the right to privacy of communications (Article 22 of the Turkish Constitution).
- Conversations with the Suspect: If a victim records a WhatsApp conversation they directly participated in, the Court of Cassation generally rules that this data is admissible, as a person cannot spy on a conversation they are an active part of.
- Third-Party Records: If an investigator or private individual accesses a third party’s locked telephone without a valid search warrant issued under Article 134 of the CMK, the resulting message logs are classified as toxic fruit from a poisoned tree and must be completely excluded from the case file.
4. Server Logs and Network Metadata: The Ultimate Forensic Anchor
When screenshots and message logs are disputed, system server logs (log dosyaları) and network metadata serve as the most reliable evidence to resolve the conflict. Server logs are automated, system-generated records that log every interaction within a network ecosystem.
┌───────────────────────────────────┐
│ THE HIERARCHY OF SERVER RECORDS │
└─────────────────┬─────────────────┘
│
┌──────────────────┬─────────────┴─────────────┬──────────────────┐
▼ ▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ LAW NO. 5651 │ │ IP ADDRESS │ │ SMTP/IMAP │ │ SYSTEM HARD │
│ METADATA LOGS │ │ TRAFFIC MAPS │ │ EMAIL HEADERS │ │ DRIVE COPIES │
└───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘
Mandatory 2-year Dynamic IP logs Full email metadata Bit-stream images
hosting records match user accounts expose routing capture hidden or
under Article 5. to specific actions. paths and servers. deleted files.
A. Statutory Data Retention Obligations Under Law No. 5651
Under Article 5 of Law No. 5651, internet hosting providers (yer sağlayıcıları) operating within Türkiye are legally required to retain system traffic logs for a mandatory period of at least one year, up to two years.
- Log Contents: These logs do not record the raw content of a conversation, but they capture vital metadata: the source IP address, the destination IP address, exact timestamps down to the millisecond, port allocation numbers, and the total data transferred.
- Evidentiary Weight: Because these logs are generated automatically by system processes without human intervention, they are highly trusted by judges and forensic experts. If a user claims their account was hacked or that they never sent a specific message, the court can order an analysis of the ISP logs to determine if the connection originated from the user’s home router or cellular data node.
B. Authenticating Electronic Mail Headers (EML and MSG Forensic Analysis)
When an email is introduced as evidence in a commercial dispute, looking at the body of the message is insufficient. Forensic analysts inspect the underlying email header data.
A complete email header contains a detailed record of the message’s journey across the internet, including:
- The Sender Policy Framework (SPF) and DKIM (DomainKeys Identified Mail) cryptographic verification signatures, which prove the email was not spoofed or altered in transit.
- The exact IP addresses of every mail transfer agent (MTA) that handled the file.
- The unique message identification string generated by the originating server.
5. Judicial Inspection and Expert Analysis: The CMK 134 and HMK 266 Protocols
When complex digital evidence is introduced, courts lack the technical expertise to evaluate the data structures independently. The court will assign a qualified forensic expert (bilirkişi) to conduct an official evaluation under Article 266 of the HMK or Article 63 of the CMK.
The Forensic Imaging Standard (İmaj Alma)
In criminal investigations involving computer systems, storage drives, or mobile devices, experts must follow strict forensic protocols under Article 134 of the CMK:
- The original storage medium must never be booted or accessed directly, as this alters system files and metadata logs.
- The expert must create an exact, sector-by-sector bit-stream duplicate of the drive, known as a Forensic Image (İmaj / Klon).
- The forensic image is immediately signed with a cryptographic hash value ($SHA-256$). All subsequent analysis, file recovery, and timeline evaluations are performed exclusively on this duplicate image, ensuring the integrity of the original source device remains preserved for independent verification.
6. Financial and Economic Valuation of Damages Linked to Digital Assets
In modern litigation, digital evidence is frequently used to establish and quantify financial damages resulting from trade libel, breach of contract, or cyber fraud.
| Damage Classification | Focus of Digital Evidence | Forensic Verification Mechanism |
| Loss of Profits (Yoksun Kalınan Kâr) | Proving a direct drop in commercial revenue or digital transactions due to a system disruption or online smear campaign. | Cross-referencing platform access logs with enterprise e-commerce transaction data. |
| Moral Damages (Manevi Tazminat) | Quantifying the reputational harm and emotional distress caused by viral defamation or the leaking of personal data. | Analyzing social media platform reach metrics, shares, video view counts, and engagement duration. |
Quantifying E-Commerce Disruptions under Article 50 of the TBK
If a business suffers financial losses due to a malicious network attack or a targeted online smear campaign, calculating damages under Article 50 of the Turkish Code of Obligations (TBK) requires an integrated analysis of financial records and technical logs.
Counsel must match database logs showing an unusual drop in web traffic or transaction volumes with certified accounting records from the same period. This concrete technical correlation allows courts to accurately determine the financial impact of the digital disruption.
7. Comparative Summary Matrix: Legal Paths for Digital Evidence Admission
To assist legal teams in choosing the most effective method for presenting digital evidence, this matrix compares the primary options:
| Evidence Type | Core Statutory Framework | Primary Authentication Target | Structural Legal Limitation |
| Standard Screenshot | Art. 199 HMK (Document) | Visible content presentation and face-value timeline alignment. | Easily challenged if introduced without electronic timestamps or notary certification. |
| Message Logs (WhatsApp/Telegram) | Art. 202 HMK (Inception of Evidence) | Account identification strings and device-level chat database backups. | Must be secured without violating constitutional communication privacy protections. |
| Server Traffic Logs | Law No. 5651 (Art. 5) | IP addresses, millisecond timestamps, and network routing metadata. | Records only connection details, not the raw text content of communications. |
| Forensic Drive Images | Art. 134 CMK (Criminal Protocol) | Sector-by-sector data duplication and $SHA-256$ cryptographic integrity. | Requires a formal judicial warrant; must be handled exclusively by certified experts. |
8. Preserving the Chain of Custody: A Checklist for Legal Practitioners
To ensure that your digital evidence remains admissible and is not thrown out on procedural grounds, cross-reference your case file against this technical checklist before filing:
- [ ] Lock the Hash Values Immediately: Calculate the $SHA-256$ or $MD5$ cryptographic hash value for every digital asset at the moment of collection. Document these values clearly in your legal petitions.
- [ ] Preserve the Original Hardware State: Instruct your client to preserve the original device (smartphone, laptop, or hard drive) in a secure, static environment. Do not install system updates, clear application caches, or perform factory resets.
- [ ] Secure the Complete Communication Metadata: When printing or exporting chat records, ensure that full phone numbers, account handles, email headers, and dynamic links are fully exposed.
- [ ] Utilize Official Notary Anchors: For highly volatile web content, secure a formal verification certificate using the Union of Notaries of Türkiye (e-Noter) portal before the content is deleted or modified by the adverse party.
9. Conclusion: Strategic Integrity in Digital Litigation
The successful use of digital evidence in Turkish courts requires a careful blend of technical precision and solid legal strategy. Because electronic data is inherently volatile, standard printouts and basic screenshots are easily challenged by opposing counsel.
By using secure digital archiving tools, implementing electronic timestamps, and maintaining a clear chain of custody, legal teams can ensure their electronic evidence stands up to scrutiny. Proactively managing digital evidence allows practitioners to protect their clients’ interests and secure favorable outcomes in an increasingly digital legal landscape.
⚖️ Professional Legal Disclaimer
This comprehensive legal analysis is structured exclusively for academic reference, search engine optimization, and generalized informational awareness. It does not constitute formal legal advice, and reviewing this content does not establish an attorney-client relationship. Because digital forensic standards, data processing compliance rules under the KVKK, and regional court interpretations regarding interactive media shift dynamically based on updated Court of Cassation (Yargıtay) precedents and technological advancements in Türkiye, anyone confronting a serious digital communications dispute or cyberbullying matter should retain a registered attorney to safeguard their legal and financial interests.
Yanıt yok