Educause Security Discussion mailing list archives
Forensic Procedures
From: Theresa Semmens <Theresa.Semmens () NDSU NODAK EDU>
Date: Wed, 3 Mar 2004 15:15:14 -0600
We are in the process of updating some of our acceptable use policies. When you have to investigate an incident that requires forensics on a machine, what procedures do you use regarding the chain of evidence - how it's protected; the chain of custody - who is responsible; the protection of evidence - who is responsible for this?

Also, if you need to seize a computer for investigative purposes, do you explain to the user why you are taking it, or do you simply take the computer and replace it with one they can use while it is being examined?

Theresa Semmens, CISA
NDSU IT Security Officer
North Dakota State University
Fargo, ND 58101
701.231.5870
Theresa.Semmens () ndsu nodak edu

Happiness comes through doors you didn't know you left open.