Initial intake & preserve evidence — take detailed client instructions, freeze accounts/passwords, instruct client not to delete anything; immediately preserve screenshots, emails, chats, logs and back them up.

Register complaint / FIR — file complaint with local cyber cell / police (FIR under IPC/IT Act) and obtain acknowledgement; send preservation notice to service providers/hosts/ISPs.

Technical forensic assessment — get a certified digital forensic exam (hashes, metadata, server logs, device imaging) to establish chain of custody.

Legal analysis & cause identification — map facts to offences (IT Act, IPC, other laws), identify civil remedies (injunction, damages) and need for urgent remedies (blocking, takedown).

Draft & file petition/complaint — prepare complaint, SLO/first information, or civil suit/writ (e.g., for injunction, damages, or transfer to appropriate forum).

Interim reliefs / urgent orders — apply for freezing bank accounts, interim injunctions, takedown/blocking orders under Section 69A/69, or urgent listing before court.

Coordinate with intermediaries & authorities — issue legal notices to intermediaries, request logs from ISPs/hosts, coordinate with CERT-In or cyber police for tracing.

Discovery & evidence exchange — obtain custody certificates, call server logs, subpoena records (IP, timestamps, payment trails). Use certified copies of digital evidence.

Court hearings & arguments — present technical evidence, explain chain of custody, rely on 65A/65B (Evidence Act) for admissibility, cite precedent.

Post-order actions — implement relief (takedown, account suspension, damages recovery) and pursue appeals, criminal follow-ups, or contempt proceedings if needed.