Have done something similar in version 1.9.x (not 2.0) for restricting access to IM using a clone/copy of the student role and denying access/permissions to IM and anything leading to IM - example: "student_no_IM". Then assigning students that were to be restricted to the restricted role (student_no_IM) within the context of the course. Makes no difference how that student logs on ... ie, what computer they use to access (IP address) ... their "no_IM" role restricts but only in the specific course.
Suggest one method might be creating a "student_NO_Forum" cloned role of your current "student" role and concentrate on the Forums section in the "student_NO_Forum" role for restricting. In looking over them, it appears one might be able to allow an abusive user to view but not participate ... ie, reply, post, etc.
Comment: if student has been abusive in Forums, student might also be abusive using other tools ... such as IM or in blogs with comments. One might be looking at the tip of the iceburg!
Best of luck!
in the 'spirit of sharing', Ken