Buy and read these books cover to cover: http://www.bookpool.com/sm/0321525647
- Make sure to keep your Dell forensic box in a physically secure location and that your media is locked away.
- Depending on what you're analyzing, specifically phones and PDAs, you may need to buy more hardware for that.
- Don't go cheap on storage. You might have to image a RAID server one day.
- Download LiveView so you can investigate the image as an interactive VM.
- Make sure to write out your forensic process in a document. This is very helpful, because first you want it to be repeatable and accurate. Second, it helps in court when you have a standing procedure that's used over and over.
- It's common in forensics to use 2 or more tools like FTK and EnCase. So you may consider getting both depending on your budget.
- You'll probably want to build a jumpbox full of tools that you can take with you on a moment's notice. Many vendors sell these in a complete set.
I've taken the SANS Forensics training and it's very good; however, if you are going to be using EnCase I would recommend getting their product-specific training over SANS. Just my opinion, based on the fact that EnCase is the most widely used product. Not the best, just the most common.