Within STFC, if an Information Security Officer or an HR Case officer suspects that a computer system has been misused, they can formally request that the computer system is investigated. This is known as a "Computer Misuse Investigation".
The PDF document describing the current Computer Misuse Investigation process is available for review on this web site. While this document was produced by the Computer and Networks Security Group in 2004, it is still valid and may be used within STFC.
If you have any concerns or questions on the Computer Misuse Investigation process, please contact the current Information Security Officer.
If you believe that you may need to examine any computer based system to gather forensically sound information or evidence you must contact the Information Security Officer before you start any investigation. Failure to do this may undermine the validity of any information or evidence that you believe you have gathered.