Everyone has given you the same excellent advice therefore I offer you an analogy to think about outside of security...

The door to your home is locked/protected by an ACME lock. Someone sends you an anonymous letter warning you about the lock. You as the owner have your reason for keeping an insecure lock on your door. Unbeknownst to anyone outside of your house, you rigged explosives (honeypot) to be triggered by the first fool who wants to get inside your home. Someone comes in: Game over.

There could be plenty of reasons why they have WEP over WPA running on the network. Perhaps they have legacy machines running that can't run WPA. Perhaps they have a NAC server the moment you get by the wireless router. For whatever reason they're choosing to run WEP, the concern is not yours it is theirs and any activities taken by you - you will learn to regret. No matter how logical or moral you think you are or will be, you are as stated breaking the law.

Weird, I tinyurl'd the following:

http://www.google.com/search?q=hipaa+template+filetype%3Axls&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

The link will take you to a plethora of available HIPAA templates. Google is your friend:

hipaa +template filetype:xls

And what do you think will happen when you interfere with an ongoing criminal investigation?

This idea has been floated around from time to time and is nothing new. There have been many individuals who've had nice theories about eliminating threats but are too often blinded to see bigger pictures. For instance... You stumble upon say a site filled with despicable child porn, your initial instincts after wanting to physically hurt the owners is to remove the site... Do you remove it? How? Hack into it? DoS it? By hacking into the site, you're no better than any other malicious hacker period. DoS'ing? Same.

Not only are you no better, but you could be setting yourself up for tampering with an investigation by a law enforcement agency. You don't and can't know whether or not the site is under surveillance. You can't and won't know - unless they arrest you - that you potentially crippled the work of investigators who may have been close to legally arresting a website owner/operator and or closing down a website.

Take a step away from the technological aspects of this for a moment... Place this into another situation: "Hi, I've seen many people get mugged on the street and I was wondering if someone would like to join my group of vigilantes. We decided that we are the judge jury and executioner. Wanna join?

Forget about business plans as there would be little viability in it. There may be a personal moral redemptional reward for you, but at the end of the day you're looking for trouble on both sides of the law. To repeat, you could be jeopardizing an investigation and secondly, if you think some of these spammers and kiddie porn peddlers are Jack-in-the-Box do-nothing'ers, don't think for a minute that some organized crime boss making millions off of spam, etc., won't stop to harm you if found. They will NOT hesitate to pay someone to off you for peanuts.

I would give Access Data a whirl if you can get it. EnCase is what it is and does its job and a plus is you could create your own EnScripts to assist you when you're truly comfortable with specifics. My big problem with programs like EnCase, Acesss' FTK, etc., is the reliance on automation. I feel a lot of examiners rely too much on a program being able to "find the smoking gun" often leaving an investigator with nothing to do but point and click... At that instance, what is there really to know at the end of the day.

I know a former professor who taught forensics at John Jay College of Criminal Justice and now works for EnCase... If you need a blog on EnCase shoot me a private message as I don't want to throw her name out there like that. Anyhow, I'd get the EnCase book since after all, you won't find anything SPECIFIC about EnCase in any other book however, I would definitely pick up the other books too. Also, depending on your title/role, see about subscribing to Forensic Magazine (http://www.forensicmag.com/) I get my copies every month and ALWAYS learn something new. Not completely specific to IT Forensic, but they post articles on the subject matter. On other matters of forensics, (DNA, labs, laws) there is almost always some cross-talk and you begin to notice similar patterns in say DNA forensics that give you an "aha!!!" on IT forensics.

The EnCE book linked is obviously the route to go however I will add a few books that will teach you a lot more about the field as opposed to the reliance on one tool (EnCase). I use Access Data more than EnCase when it comes to all inclusive tools but its not always about the tools. It boils down to understanding a system, data, metadata, etc.

I recommend:

Windows Forensic Analysis Toolkit from Harlan Carvey - worth its weight in gold
http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=pd_rhf_shvl_1

Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
http://www.amazon.com/Cyber-Forensics-Collecting-Preserving-Information/dp/0849383285/ref=sr_1_1?ie=UTF8&s=books&qid=1272478831&sr=1-1

This book has a lot more informative content you will need to know and understand in the long run: e.g.: Digital Forensic Laboratory Accreditation Standards,  Forensic Black Bag (what should be in your case), Cyber Forensics and the Law: Legal Considerations, Concealment Techniques

And finally...

Computer Forensics: Computer Crime Scene Investigation
http://www.amazon.com/Computer-Forensics-Crime-Investigation-Networking/dp/1584503890/ref=pd_sim_b_2

There is more to forensics than simply starting EnCase on a captured image.

I've got both the OSCP and CPT from IACRB and they're two different although similar tests. The OSCP is all hands on and unless you've been in the industry for a while and understand many concepts and tools, you will find it difficult. Otherwise it should be a breeze. The CPT is two-fold. A written and a practical similar to the OSCP however, it won't consist of usually more than 2 compromises. In which you need to compromise one before you even get close to the other.

The CPT content is more structural and informative than the OSCP and this is not to say the OSCP lacks anything. IACRB's content authors (Koziol, etal) have put a lot of work into explaining a "step above" typical pentesting concepts. So you WILL (emphasis WILL) learn a lot more about shellcoding (after all Jack wrote the book), different types of exploits, tips and tricks.

OSCP was fun and definitely worth the buy however for the content, The CPT has a greater value with the CEPT having even more value. I will be re-taking the CEPT as I failed by one.

http://www.digitalintelligence.com/products/freddie/

Just an FYI, there is nothing spectacular on that HP. For starters the capacity on the drives alone wouldn't be much if I had to do forensics on say 1/2TB. Personally I think you'd be better off building your own machine. Sorry for reposting, should have clarified it from the onset