Educause Security Discussion mailing list archives

Forensic Procedures


From: Theresa Semmens <Theresa.Semmens () NDSU NODAK EDU>
Date: Wed, 3 Mar 2004 15:15:14 -0600

We are in the process of updating some of our acceptable use policies. When
you have to investigate an incident that requires forensics on a machine,
what procedures do you use regarding the chain of evidence - how it's
protected; the chain of custody - who is responsible; the protection of
evidence - who is responsible for this?

Also, if you need to seize a computer for investigative purposes, do you
explain to the user why you are taking it, or do you simply take the
computer and replace it with one they can use while it is being examined?

Theresa Semmens, CISA
NDSU IT Security Officer
North Dakota State University
Fargo, ND 58101
701.231.5870
Theresa.Semmens () ndsu nodak edu

Happiness comes through doors you didn't know you left open.

 
