SecurityCrunch is dedicated to the IT security industry. Questions: send an email to greg@securitycrunch.com

What is the process for court handling of a Hard Drive and electronic evidence?


1 Answer


From the Wikipedia article on EnCase (a popular piece of digital forensics software):

The first thing a user of EnCase will normally do is use the software to create images of suspect media (hard drives, CDs etc). Images are stored in proprietary formats and contain an MD5 or SHA-1 checksum to validate their authenticity. In the same way as dd (and unlike typical imaging software such as Norton Ghost), EnCase makes images that are exact copies of the original, byte for byte, in order to be able to fully examine unused parts of the media for deleted files and so forth.

After imaging, EnCase can be used to examine the files stored in the image using common tools such as a document viewer and hex editor. It can also examine parts of the filesystem not normally exposed to the user, such as deleted file entries, on-disk checksums and log/journaling data. It can also search for and attempt to recover deleted files.

Finally, any relevant files can be saved to the user's PC, along with checksums and other metadata, for use as evidence.

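The imaging and checksum step described in the answer above, as an added example that is not part of the original answer and is not EnCase code: a byte-for-byte copy is hashed with MD5 and SHA-1 during acquisition, and the recorded values are checked again later. It assumes a plain raw image held in memory rather than EnCase's proprietary format; the sample media and the function names `build_sample_media`, `acquire`, `verify` and `demo` are constructed for illustration.

```python
import hashlib
import io

BLOCK_SIZE = 64 * 1024  # read size; any value gives the same digests

def build_sample_media():
    """Constructed 'disk': one live file, then unallocated space that still
    holds the bytes of a deleted file (sample data, not real evidence)."""
    live = b"LIVE-FILE:quarterly report\n".ljust(4096, b"\x00")
    unallocated = b"DELETED:old-draft.txt contents".ljust(4096, b"\x00")
    return live + unallocated

def acquire(source, image, block_size=BLOCK_SIZE):
    """Copy source to image byte for byte, hashing the stream in the same pass."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    size = 0
    while chunk := source.read(block_size):
        image.write(chunk)
        md5.update(chunk)
        sha1.update(chunk)
        size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify(image, record, block_size=BLOCK_SIZE):
    """Re-hash an image and return the names of fields that no longer match."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    size = 0
    while chunk := image.read(block_size):
        md5.update(chunk)
        sha1.update(chunk)
        size += len(chunk)
    current = {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}
    return [name for name in record if record[name] != current[name]]

def demo():
    media = build_sample_media()
    image = io.BytesIO()
    record = acquire(io.BytesIO(media), image)
    copy = image.getvalue()
    altered = bytearray(copy)
    altered[5000] ^= 0x01  # a single flipped bit in unallocated space
    return {
        "deleted_data_in_image": b"DELETED:old-draft.txt" in copy,
        "intact": verify(io.BytesIO(copy), record),
        "altered": verify(io.BytesIO(bytes(altered)), record),
    }

if __name__ == "__main__":
    print(demo())
```

The unallocated region survives in the image because the copy works on raw bytes rather than on files, and a one-bit change anywhere in the image, including in that region, makes both recorded digests fail.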
