Imaging laptop hard drive

(@lcoughey)
New Member
Joined: 17 years ago
Posts: 4
 

To say that the one drive that burned out wouldn't have burned out if you had put it in the freezer is unlikely. I don't disagree, having a fan on a drive that runs hot can help buy some time, but freezing a drive only makes it cool and a perfect candidate for condensation as soon as you remove it from the freezer.

In the OP comment, the laptop seems to have had a power surge. Without taking the drive out of the laptop, we can only say with a 50/50 certainty that the drive was not affected by the surge. If it was, it will be dead with no power and no amount of freezing will fix it. But, on the off chance that the fuse is now weak and ready to go at any time, it is best to get a full clone of the drive. Yes, I did mean a full sector-by-sector clone to another drive.

The reason I recommend a clone is with the assumption that you would have a hardware cloning tool that should be able to duplicate the drive at speeds around 100MB/second, rather than using a software app and the usual USB write blockers that transfer to an image file at speeds that are less than half of that.

On this note, it has come to my attention that most forensic investigators only make a single image of the drive, calculate the hash and use the single file. As one of my clients has just discovered, this can be bad. He has handed the original drive back to the client (which I don't recommend either) and his drive with the image on it fell to the floor, leaving him in a bad spot and us with a very tough recovery.


   
ReplyQuote
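An added example, not from any poster in this thread: reading the source once, writing two copies, and re-verifying each copy against the acquisition hash, so that a damaged copy is detected while a second one remains. SHA-256, the function names and the file paths are assumptions; the sample data is constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size; an assumption, tune for the hardware

def sha256_of(path, chunk=CHUNK):
    """Hash a file (or raw device node) by streaming it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def image_to_copies(source, destinations, chunk=CHUNK):
    """Read source once, write every destination, return the acquisition hash."""
    h = hashlib.sha256()
    outs = [open(d, "wb") for d in destinations]
    try:
        with open(source, "rb") as src:
            for block in iter(lambda: src.read(chunk), b""):
                h.update(block)
                for out in outs:
                    out.write(block)
        for out in outs:
            out.flush()
            os.fsync(out.fileno())  # make sure the data reached the disk
    finally:
        for out in outs:
            out.close()
    return h.hexdigest()

def verify_copies(expected, destinations):
    """Re-read each copy from disk; map path -> True if it still matches."""
    return {d: sha256_of(d) == expected for d in destinations}

def demo():
    """Constructed sample: a small stand-in 'drive', two copies, one then damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source.bin")  # hypothetical paths
        with open(src, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 512))
        copies = [os.path.join(tmp, "copy_a.dd"), os.path.join(tmp, "copy_b.dd")]
        digest = image_to_copies(src, copies)
        before = verify_copies(digest, copies)
        with open(copies[0], "r+b") as f:  # simulate damage to one copy
            f.seek(CHUNK)
            f.write(b"\x00" * 16)
        after = verify_copies(digest, copies)
        return before, after
```

In practice the two destinations would sit on physically separate drives, which is what protects against the dropped-drive scenario described above.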
(@patrick4n6)
Honorable Member
Joined: 16 years ago
Posts: 650
 

The reason I recommend a clone is with the assumption that you would have a hardware cloning tool that should be able to duplicate the drive at speeds around 100MB/second, rather than using a software app and the usual USB write blockers that transfer to an image file at speeds that are less than half of that.

I have personally imaged drives at speeds around 100MB/s very consistently with FTK Imager where the source was connected via a write blocker with an eSATA connection to my workstation, so I must strongly disagree with your suggestion of cloning vs imaging solely on speed grounds. If I were using a crappy old computer, or slow drives as a destination instead of my RAID, the minimal software processing overhead of transforming to an image may be an issue, but with current generation processing it's not.


   
ReplyQuote
(@lcoughey)
New Member
Joined: 17 years ago
Posts: 4
 

I seem to recall saying that the majority of folks are still using USB-based write blockers. So, yes, SATA write blockers can be fast too.

I should note that when I'm thinking cloning with physical hardware, I'm thinking of using tools such as DeepSpar Disk Imager which can handle bad sectors and drives with instability. But, I guess it stands to reason that most forensic techs haven't invested in these tools, nor would I expect them to.


   
ReplyQuote
 JLJR
(@jljr)
Active Member
Joined: 14 years ago
Posts: 7
Topic starter  

Many thanks for all the replies.

It was not 'evidence', it was just my old laptop, but as a forensic computing student I just wanted to know the procedures one would take if it was evidence that was found at a crime scene.

At uni we have only really done work on USB memory sticks and not PC/laptop hard drives yet. So far we've done a lot of using a write blocker, imaging using FTK Imager and then carrying out the analysis stage using FTK or EnCase etc., so I just wanted to know about imaging a bigger hard drive and how that's done at a crime scene.

Thankfully no damage was done to my hard drive so I just removed it and used an enclosure/caddy and was able to get all the files off it.

But thanks again everyone for the replies, enjoyed reading them!


   
ReplyQuote
Page 2 / 2
Share: