Probably because they are no more than that, opinions.  It's all based on personal experience and prior knowledge.

I think that certs in Computer Forensics are generally respected, especially in the consulting world.  The CCE is a particularly good cert to have in the private sector because some states are starting to require it.  Another one you may want to consider is EnCE.    In my company, we definitely value certs, but not anywhere as much as experience.   

I think that the certs will get your foot in the door, but you may want to be prepared doing entry level work for a couple of years.  You would likely be imaging computers, keeping evidence paperwork, logging cases, etc.  You can also consider government work.  Former FBI, Secret Service, Customs, etc agents are highly sought after in the forensics consulting circles.  With any of these, you would likely be a regular agent before you can transition into forensics.  Still, the feds pay well at first.  Most agencies require you to in the DC area initially for training.

As far as salaries are concerned, take a look at this link for government positions:

http://www.fbijobs.gov/113.asp

For the private sector, I think that 40k to $45k is reasonable for an entry level position.   Although, considering the current economy, it may be lower.

Welcome to the forums.   

I am not entirely sure what you are asking.   MSF Express is primarily a penetration testing tool with many publicly available exploits.  However, it's much more than that.  Do you have a specific question about MSF express?  You can review the getting started guide:

http://www.metasploit.com/documents/express/GettingStartedGuide.pdf

Sil, good luck to you on the exam.   From reading your post, it sounds like the exam is a win-win situation.  At the very least you will learn where you stand.  I it sounds like the exam will be real-world scenarios, which is always great.   

I think this really depends on your engagement.  Arguably, all software has some sort of vulnerability, that given enough time you can exploit.  In a consulting engagement, you don't always have the time. 

I usually try to find the path of least resistance.   Like MaXe said, it may be easier to find a SQL injection vulnerability in a web application, than to fuzz and exploit some proprietary app.  That's not always the case.  Sometimes developers subscribe to the theory of security by obscurity.  Sometimes a simple network monitor session will reveal all kinds of goofy things.   More often, I find myself modifying a PoC, rather than starting completely from scratch.  Still, there may be times when starting from scratch is all you have.

Access Data has released FTK Imager 3.0.   It continues to be a free product.  Some of the new features are:


Download URL:
http://www.accessdata.com/downloads.html

Complete Release Notes:
http://www.accessdata.com/downloads/current_releases/imager/FTKImager_ReleaseNotes.pdf

It's not legal for you to hack one of the bots.  Remember, the bot is a victim here.  The best you can is report the attack to the authorities. 

Botnets get shutdown, it just takes time.  Like Sil said, the challenge is trying to figure out who is controlling the botnet.  Going after the poor dope whos computer was infected hardly makes any sense.  Another one will easily take his place. 

Recently, the Mariposa botnet was shut down.   It took a ridiculous amount of collaboration to shut it down:

http://www.net-security.org/secworld.php?id=8962

Nice, so instead of fixing the issue, they threaten legal action. 

Congratulations Jason!

I work in both forensics and hacking.  I can tell form experience that they definitely complement each.  However, like sil mentioned, they are entirely different animals.  While hacking knowledge provides a certain insight into a hacking case, we have plenty of good forensics investigators that are capable of catching a hacker without any hacking knowledge what-so-ever.  They are mostly ex-cops and ex-feds with serious investigative backgrounds.  That's the part that's key.  Don't forget that very few investigation deal with hackers. 

While you can teach the technical knowledge required for forensics work, in my experience, the investigative skills almost entirely come from experience.  A good investigator has solved enough cases where he or she can easily assume the role of the person their investigating, regardless of the circumstances.  Think of a detective in a serial killer investigation.  The detective obvious has been in the shoes of a killer, but he is able to think like one.

Those are just my two cents.

I had no idea Dell made firewalls.  From experience with their switches, the interface and language seems to be pretty similar to Cisco's.  I am guessing they license the code.  The boxes and hardware are significantly different.  I like Dell's support much better than Cisco's.  I am not a big fan of rebranded hardware, but I do like Dell's support. 

I am not sure how a "backup" will help with any legitimate uses.  You can hardly show up at Target with an all-white credit card, with "Wachovia" written in sharpie on it.  Although, I would love to see the face of a cashier when it actually works.

Yahoo offers "disposable" email addresses.   They allow you to create a temporary address linked to your real address.  When you are done with the site, you just delete the address.  Yahoo will also flag those messages a different color.