yep, working on the original drive would also make any evidence on it worthless...because time stamps for example could be altered.
I will get a grip on a professional forensics distro (Helix 3 2013 Pro) soon, got a notification that they will provide a beta version download soon for loyal subscribers like me (hooray for keeping at least some of my spam-me-I-don't-care inboxes alive
). of course I will share it then...
oh, and about encrypted drives: even if they can not break the encryption you could go to jail....BUT only for a very limited time as attempt to force you to reveal the password/key.
no idea about the USA, here it is max. 6 weeks.