|
EH-Net
|
|
February 10, 2012, 06:41:30 AM
|
|
151
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Legality of spy software
|
on: February 08, 2008, 11:11:35 AM
|
|
For the ownership question, be aware that often the law does not distinguish between the legal owner and someone who has some level of presumed ownership. In the example of a boyfriend and girlfriend, if the computer belongs to the guy and he allows the girlfriend unlimited use, then she is going to have some level of presumed ownership. As a better example, if the cops wanted to search the house and asked permission from the girlfriend, the search would be legal. The courts have stated that she has the right to do so. The same concept would apply to the computer if she had regular access to it with permission from the owner. As for the wire tap laws, you have to take into account their narrow focus. In the example given here it is for interstate or international communications that affect commerce. As for the radio station example we are discussing, there might be other specific commerce laws that would apply (and maybe some FCC laws?) but I just wanted to make a point that most of the big laws everyone is familiar with probably wouldn't apply.
|
|
|
|
|
152
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Resume Building
|
on: February 08, 2008, 10:56:58 AM
|
Mine is very similar to yours, and take it from a guy who sees a lot of resumes, it is almost the expected format at this point in time. Just a few thoughts:

- Keep two versions of your resume handy. If you are looking at a position that is on the business side of the house, re-word everything to focus on "risk management" and the "business drivers" (ie. how you can make security work without a huge budget) of security. If you are looking at a position on the tech side of the house then don't be afraid to start throwing out the operating systems you work on, coding languages, how you re-engineered and upgraded specific parts of the network, and so on. Do not be afraid to let your tech resume grow to more than a page. It is not uncommon to see 2 full pages or a little more.
- If you have a very well known "heavy hitter" certification (CISSP, CISM, CISA, etc) then include it after your name. Something like "John Doe, CISM". It's stupid, but you'll be surprised how it will get you through the HR review process quickly, and you just tend to stay near the top of the stack. Still have a full listing of all of your certs near the top of the resume.
- Include an education section no matter what. If you don't have your degree then make sure to list classes you've taken that relate to the work. Also, and I'm not encouraging dishonesty here, if you are still working towards your degree then list what the degree is, where you are going to school, and an expected graduation date. If the job requires a specific level of education, often the HR department will accept a "pending" degree. Please don't list the degree you expect to get in 2023. There are limits to how far you can stretch this.
- Include specialty training courses even if you didn't get a certification. For example, I took several advanced forensics courses that did not end in a certification. My resume shows the title of the course and an overview of the content.
- Consider a "skills" section. This is your catch-all. Dump in all of your uber-geek accomplishments here.
- Have a memberships section where you list all of the groups you are involved with. If you have certs, you are probably automatically part of certain groups. (ie. CISSP -> ISC2, CISM/CISA -> ISACA) Also list other groups that show you are actively working in your field. For security guys, something like "The Ethical Hacker Network" seems pretty legit for a resume.
- Have an awards section. List everything you've won, especially if it relates to your field. Also include awards that just show professional standards. For example, if you won the DefCon hacking competition, good place to put it, but you would also list the award you got from your company for building a new firewall with a budget of 6 dollars and 3 pieces of lint. Military guys, think good conduct medals, achievement medals, etc.
|
|
|
|
|
153
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Legality of spy software
|
on: February 07, 2008, 12:34:54 PM
|
|
You're splitting some hairs at that point. While a second person might have partial ownership of the system, you would argue that they don't have assumed ownership over all of the material on that system (ie. the work email account). If data from that account was leaked it would open up some very certain civil liability lawsuits, and depending on how much damage was done you could push for some criminal suits as well. Think of it this way, your wife might have assumed shared ownership of your desk, but if she searched through your drawers, found some vital work papers, and had them published online, your work would probably sue the hell out of her (and you) while pressing charges of various types.
|
|
|
|
|
155
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Legality of spy software
|
on: February 07, 2008, 09:10:28 AM
|
|
Generally this would be considered acceptable if a person with an ownership aspect of the system agreed to it. That means if they live together and have an assumed shared ownership of the system then one of them could give permission to do so. Also, you need to remember that nobody in the scenario is a representative of the government so most privacy/wire tap/evidence/search laws would not apply. My two cents.
|
|
|
|
|
156
|
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Forensics Certification/Training Question
|
on: February 07, 2008, 09:07:46 AM
|
|
You are also going to want to keep in mind why you are going to need the knowledge or cert. If it is going to be an internal security/forensics/incident response issue then go with whatever you prefer. If you are going to be doing work that will be presented in court, then you are probably going to have to lean towards EnCase and the EnCE. EnCase has passed all major court challenges so it is going to be considered a reliable platform in which to gather evidence. FTK and a lot of the open source tool suites have changed recently or undergo changes on a regular basis. Every time that happens they will be challenged again in court. If you are the person on the stand when that happens it really freaking blows. You are probably going to be put on the spot to explain the entire theory of computer forensics (across multiple file systems), and the very specific technical workings of the tools you used and why they can be trusted to produce legally verifiable evidence.
|
|
|
|
|
157
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Protecting SMF
|
on: February 06, 2008, 02:31:15 PM
|
|
Yeah, remember that the iron itself has value, not just the data. If someone owns that box and decides to use it to serve kiddie porn, has a DoD system, or just generally be a jerk, someone with a badge is going to serve you a warrant and take it away from you. Then you will have to prove that you didn't know anything about it, and you'll be without the system for some time.
|
|
|
|
|
160
|
Ethical Hacking Discussions and Related Certifications / Malware / Re: Flash drive virus
|
on: February 05, 2008, 10:37:17 AM
|
|
For folks moving into the security or incident response space for the first time, Knoppix, Helix, and BackTrack are an incredible resource. As for mounting the Windows drive you are going to hit two issues: making sure your Linux build is recognizing your USB ports, and using the right file system. Most of the live CDs will auto sense the USB ports so that shouldn't be an issue, and some of them will automount the drive if it is plugged in when you boot. If you have to mount it manually, try ntfs first and samba second if you can't get ntfs to work. Another thing to check: if you are trying to mount with one of the Linux builds meant for forensics (especially Helix), when you do get it mounted it will be hard set as read only. It can be a bit of a pain in the hind-quarters to get it mounted as writeable.
|
|
|
|
|
162
|
Ethical Hacking Discussions and Related Certifications / Malware / Re: Computer illiteracy
|
on: February 04, 2008, 07:14:53 PM
|
|
Ditto. I've hit in the 80-90 range before, but most of the copies were not functional. There are several virus/malware strains now that will create copies of themselves when they log a certain event (opening up explorer, anti-virus loads into memory, mercury enters a retro-grade orbit into Jupiter's third house, etc) and you find them renamed and copied all over the place.
|
|
|
|
|
163
|
Ethical Hacking Discussions and Related Certifications / Malware / Re: Flash drive virus
|
on: February 04, 2008, 07:11:02 PM
|
To the question earlier, yes, there are pen testing teams that have physical media drops as part of their assessment. One of the tiger teams I know used it to really screw with a bank. They dropped a dozen USB drives in the parking lot that were installed with a piece of code that would fire off when Windows auto mounted. It didn't install anything, just pinged their server so they could get a count. 11 of the 12 were used in the bank, the last was used by a customer on their home system. As for CDs, that is a story from one of the original black hats. Someone loaded a trojan onto those little mini-CDs and just walked around the conference throwing them onto the tables of other participants. Dozens of people picked them up thinking they were demo disks. The next generation of this is already here, and that is infecting the media on creation. Foreign governments are pre-loading devices with trojans and just waiting to see where they'll end up. Other times you'll get people in the factories that will put the malware into memory chips without ever knowing what devices they will get built into... http://redtape.msnbc.com/2008/01/digital-picture.html