I am finally getting to play with more tools at work.  One of the most exciting ones is EnCase.  Apparently, licensing is expensive, and training is even more so.  I want to show that I am deserving of training, by being the self-starter I am.  Are there any good books out there for EnCase?

I have Books24x7 through work with access to "EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide, Second Edition".  This pretty much seems to be the only book out there which deals with EnCase specifically.

Are there any other good books that deal specifically with EnCase, or even a forensics book which deals with EnCase specifically?\

Also, anyone have experience with EnCase training?  I think our department may opt for the OnDemand training due to budgeting issues.

The EnCE book linked is obviously the route to go however I will add a few books that will teach you a lot more about the field as opposed to the reliance on one tool (EnCase). I use Access Data more than EnCase when it comes to all inclusive tools but its not always about the tools. It boils down to understanding a system, data, metadata, etc.

I recommend:

Windows Forensic Analysis Toolkit from Harlan Carvey - worth its weight in gold
http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=pd_rhf_shvl_1

Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
http://www.amazon.com/Cyber-Forensics-Collecting-Preserving-Information/dp/0849383285/ref=sr_1_1?ie=UTF8&s=books&qid=1272478831&sr=1-1

This book has a lot more informative content you will need to know and understand in the long run: e.g.: Digital Forensic Laboratory Accreditation Standards,  Forensic Black Bag (what should be in your case), Cyber Forensics and the Law: Legal Considerations, Concealment Techniques

And finally...

Computer Forensics: Computer Crime Scene Investigation
http://www.amazon.com/Computer-Forensics-Crime-Investigation-Networking/dp/1584503890/ref=pd_sim_b_2

There is more to forensics than simply starting EnCase on a captured image.

I would give Access Data a whirl if you can get it. EnCase is what it is and does its job and a plus is you could create your own EnScripts to assist you when you're truly comfortable with specifics. My big problem with programs like EnCase, Acesss' FTK, etc., is the reliance on automation. I feel a lot of examiners rely too much on a program being able to "find the smoking gun" often leaving an investigator with nothing to do but point and click... At that instance, what is there really to know at the end of the day.

I know a former professor who taught forensics at John Jay College of Criminal Justice and now works for EnCase... If you need a blog on EnCase shoot me a private message as I don't want to throw her name out there like that. Anyhow, I'd get the EnCase book since after all, you won't find anything SPECIFIC about EnCase in any other book however, I would definitely pick up the other books too. Also, depending on your title/role, see about subscribing to Forensic Magazine (http://www.forensicmag.com/) I get my copies every month and ALWAYS learn something new. Not completely specific to IT Forensic, but they post articles on the subject matter. On other matters of forensics, (DNA, labs, laws) there is almost always some cross-talk and you begin to notice similar patterns in say DNA forensics that give you an "aha!!!" on IT forensics.

The trouble with FTK is that the new versions are complete garbage.   We are still using version 1.x because 2.0 was completely unusable, and 3.0 is too new and cumbersome.   The newer versions come with an Oracle engine for index storage and are a complete dog when it comes to performance.   FTK also sucks at handling email because it has a horribly configured DtSearch engine.   Yet, FTK is great at some other things, like examining link files.   It's also much better at registry analysis.   You really need to have working knowledge of both products, but it's complicated by the inadequacies of the new version of FTK.   

I do believe that Access Data still allows you to download a trial version of FTK that is limited to 5000 files.    That's enough to get a feel for the software.

There is definitely a reliance on tools in the forensics world.  Some of it has to do with the fact that these tools are well established and have been proven to use repeatable methods.    Some of it is due to lack of knowledge.