Forensic imaging creates a verified bit-for-bit copy of storage media. Process: write-block original → image to new media → hash original → hash copy → verify hashes match.
FTK Imager, dd, dcfldd (dd with built-in hashing) are common tools. Always verify with MD5 and SHA-256. Write blockers prevent accidental modification of originals. Working on forensic copies protects evidence integrity.