I've pulled together what we can learn from the October 22, 2020 CYA memo on the Hunter Biden laptop. Hoping some tech folks, esp @malwarejake and @matthew_d_green can review it to see if they can figure out why FBI had to install laptop hard drive in new laptop to get an image of it.

https://www.emptywheel.net/2023/07/06/the-technical-oddities-of-the-fbis-exploitation-of-hunter-bidens-laptop/

The Technical Oddities of the FBI's Exploitation of Hunter Biden's Laptop - emptywheel

For some reason, the FBI deemed it necessary to buy a new laptop and install the hard drive from the laptop once owned by Hunter Biden before it could image the laptop.

@emptywheel forensic practice would be to pull the drive and connect it via a write-blocking cable/device over USB to a forensic tech’s computer, possibly with another USB drive, to then image the drive without altering its contents.

@wpoland @emptywheel

This.

You don't even need a write-blocking cable (although it's the safe way). You can just set a Mac to not mount disks at plug in, and then mount it by hand read-only. After that, the SSD sits sealed in a bag, and everybody works from locked read-only disk image copies (dmg or iso files) that are easy to share and faster than an SSD.

(You do also need an Apple proprietary enclosure for the non-standard Apple SSDs. Widely available.)

@thomasafine So why would they do it? What would the effect have been? @wpoland

@emptywheel @wpoland

I should probably note that most Macs have "target disk mode" in which the laptop can be booted as if it is nothing but a hard drive (although if you're pulling the disk out and putting it in something new, an actual enclosure is vastly cheaper and a better choice than using a laptop as an enclosure).

It's _possible_ they meant this, but it still sounds like a stupid method.

@emptywheel @wpoland
So for example if they just logged in and poked around, then every "poking around" action would be updating access times.

If they used Apple Mail to read email (as Mac Isaac did), this alters the email files (because Apple Mail stores metadata at the end of email message files, like last read time).
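
The two effects described in the post above can be told apart by comparing file manifests taken before and after an examination. This is an added example, not part of the thread: the file names, the appended bytes and the simulated examiner actions are constructed, and the helper names `snapshot`, `diff` and `demo` are hypothetical.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map relative path -> (atime_ns, size, sha256) for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.stat(path)  # record timestamps before reading the file
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # Hashing is itself a read; put the times back so this tool does not
            # cause the change it reports. Real evidence is mounted read-only.
            os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
            manifest[os.path.relpath(path, root)] = (st.st_atime_ns, st.st_size, digest)
    return manifest

def diff(before, after):
    """Classify each file as 'content-changed', 'accessed' or 'unchanged'."""
    report = {}
    for rel, (atime, size, digest) in before.items():
        new_atime, new_size, new_digest = after[rel]
        if (size, digest) != (new_size, new_digest):
            report[rel] = "content-changed"
        elif atime != new_atime:
            report[rel] = "accessed"
        else:
            report[rel] = "unchanged"
    return report

def demo():
    """Constructed sample: one file browsed, one opened in a mail client, one untouched."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("notes.txt", "message.emlx", "untouched.pdf"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample content\n")
        before = snapshot(root)
        # Simulated browsing: access time moves forward an hour, contents untouched.
        notes = os.path.join(root, "notes.txt")
        st = os.stat(notes)
        os.utime(notes, ns=(st.st_atime_ns + 3600 * 10**9, st.st_mtime_ns))
        # Simulated mail client: metadata appended to the end of the message file.
        with open(os.path.join(root, "message.emlx"), "ab") as fh:
            fh.write(b"<last-read>constructed</last-read>\n")
        return diff(before, snapshot(root))

if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:16} {rel}")
```
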