Process / Forms for Students voluntarily surrendering computers

[James H Moore <jhmfa () RIT EDU>]

Sorry for the cross-post but this deals in both areas.

Common situation (at FIT - Ficticious Institute of Technology),  Sally
Student scans the Whitehouse, or NSA, ...

We get a polite request to investigate.

We go to Sally, and ask why she has been trying to fingerprint government
systems.

She denies all knowledge, and we ask if we can look at her system.

She loans us her notebook.

What is good wording for voluntary release?

What is a good investigative process?  So that,
  1) We avoid liability (e.g. we don't mess up her drive while
investigating, and accidentally delete the folder with her thesis and
research in it.)

  2) We prepare for student judicial, in case, she thinks that she has
erased all the evidence, but hasn't.

  3) What do we disclose to Sally (or the university), and when about our
investigative process.

What questions did I miss?

- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"In the middle of difficulty lies opportunity." Albert Einstein

"The release of new internet threats have not created a new problem. It has
merely made more urgent the necessity of solving an existing one." Parallels
quote by Albert Einstein on atomic energy


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description: