I just popped in and have seen a ton of comments regarding proper imaging of
a hard drive, and thought I'd throw in my two cents.

One of my favorite tools is dcfldd (http://www.forensicswiki.org/wiki/Dcflddand
http://www.sourceforge.net/projects/dcfldd/). It is a forensic version of
dd, that can be used over a network. It essentially does the same things
that many have been describing, but in a much cleaner interface.

A snippet from the wiki:

-------- snip -------

*dcfldd* is an enhanced version of dd <http://www.forensicswiki.org/wiki/Dd>.
It has some useful features for forensic
investigators<http://www.forensicswiki.org/index.php?title=Investigator&action=edit>:


   - On-the-fly hashing <http://www.forensicswiki.org/wiki/Hash> of the
   transmitted data.
   - Progress bar of how much data has already been sent.
   - Wiping of disks with known patterns.
   - Verification that the image is identical to the original drive,
   bit-for-bit.
   - Simultaneous output to more than one file/disk is possible.
   - The output can be splitted into multiple files.
   - Logs and data can be piped into external applications.

The program only produces raw image
files<http://www.forensicswiki.org/wiki/Raw_image_file>.

-------- end snip -------

I thought some may find this useful.

-- 
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."