Live Digital Forensics
Myth: Actions taken by a digital forensics practitioner must not change the data held on a digital device’s storage media if such data is to be relied upon in a court of law.
Reality: The Court places no such demand on the digital forensics practitioner. If the scientific method applied by the practitioner holds this requirement to be true, then it is the practitioners’ forensic process that is perhaps too rigid and in need of alternatives. If your forensic process precludes you from collecting valuable evidence and using it in a court of law, then by all means fix your process. If opposing counsel’s expert utilizes and presents a sound methodology for having acquired, analyzed, and reported upon the evidence, then the evidence will almost certainly be admissible even if some minimal but necessary change was made on the evidentiary device.
From: Dispelling Common Myths of Live Digital Forensics by Matthew J. Decker, Warren G. Kruse II, Bill Long, and Greg Kelley