I don’t do forensics, but this makes sense to me, as a possible procedure. You don’t want to do anything to tamper with the original hard drive, and you definitely don’t want to boot the OS and run software, because just operating it can change the data structure and what remains. So you explore the data on a mirrored hard drive, and keep the original, because there are ways to inspect the original for data that has been overwritten, physically (can’t be done on a mirror).
But you are assuming that they did this.
Would you really be surprised if they didn’t nudge and wink at each other every step along the way. IE, and thing that can accidentally sabotage evidence potentially harmful to the former NY Senator...
I’m going to sound like a technological illiterate here, but I’m going to do it anyway. I went to the FBI citizen’s academy several years ago. There can be a problem with proving chain of custody on electronic devices. If I remember correctly, they make a copy of the data and basically serialize it. If any changes are made to the data it will reflect in the serialization. That’s how they prove to the court that the data has not been manipulated to create evidence. There was about an hour class on this but it started above my head and got deeper. Maybe someone more knowledgeable can describe the process better. An interesting point they made was when they conduct a search these days they have to look at everything because flash drives can be disguised about a million different ways these days.