Hi Chris,
In my opinion it's all about the data, so effective methods of finding and extracting data from the network are pretty important.
Also, different ways of covering tracks are quite interesting, maybe overwriting tools by piping larger files into them using type (type bigfile.exe > evil.exe).
Also playing with the time on devices/hosts to make the forensics more interesting. Oh, and log file manipulation, that's always fun.
Regards
Syn