I know there are plenty of you out there with an interest in forensics and a small budget so I thought I'd share a tip with you. When you are creating an image of a disk using dd it's often useful to split the dump into chunks. If you are dumping to a FAT32 disk for example you cannot create file greater than 4GB in size.
The Unix command split takes an input source, splits it onto chunks of a specified size. You can use this in conjunction with dd to automatically split and name the output files on the fly. The following command will dump the contents of device /dev/sdb to standard out where split will read it, chop it into 2GB chunks and name each file case0001_disk001_image_<suffix>.
$ dd if=/dev/sdb bs=4k | split -b 2G -d -a 3 - case0001_disk001_image_
The option '-d' tell split to add a numeric suffix instead of the default alphabetic one and option '-a 3' tell split to use a 3 character, suffix e.g. 001, 002, 003 etc.
Hope you find this useful and I hope it serves as a reminder that learning the basic Unix tools is a skill worth having.