Getting an image of a drive within Linux
The dd command takes its name from "Data Definition".
Identify the machine which needs to be investigated and take an image of its hard disk. You can remove the disk and connect it to your forensics machine in order to take the image. The disk may be anything from a hard disk to a floppy. That way you'll have two copies of the suspect disk: one image as well as the physical disk itself. We'll be examining both one by one. The tool 'dd' can be used to take an image of the disk with this command:
dd if=/dev/sdc of=image.dd
Here we are taking an image of the disk sdc and saving it as image.dd. You can give the image any name; .dd is an extension used only to denote that it is an image taken with the 'dd' tool.
The input file and output file must be specified very carefully: if you put the source device in the target position (or vice versa), you may lose all your data.
"if" stands for input file and "of" for output file, so the following command makes an exact copy of /dev/sdc on /dev/fd0:
dd if=/dev/sdc of=/dev/fd0
The general form is:
dd if=<media/partition on a media> of=<image_file>
Example (creates an image of a hard drive in your home directory, ~):
dd if=/dev/hda of=~/hdadisk.img
Now write the image back to a device, here the floppy device fd0:
# dd if=image.dd of=/dev/fd0
Mount the Image as Read Only
This will mount the image read-only at the directory /mnt/investigation. Here 'ro' and 'noexec' denote that the filesystem should be mounted read-only and with execution of binaries disabled; 'loop' attaches the image file as a loop device.
mount -o ro,noexec,loop hdadisk.img /mnt/investigation
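The following script is an added example and is not part of the original post or the referenced article. It puts the two steps above together the way an examiner would actually run them: image the disk with dd, prove the image matches the source by hashing both, record the hashes beside the image, and only then mount it read-only. The paths (/dev/sdc, ~/image.dd, /mnt/investigation) and the helper names are assumptions for illustration. It also handles one caveat the post does not mention: with conv=noerror,sync, dd pads the final block to a full block size, so the image can be larger than the disk and a naive hash comparison fails even when the copy is perfect.

```shell
#!/bin/sh
# Added example, not from the original post: image a disk with dd and verify
# the copy before touching it. Every path used here (source device, image
# file, mount point) is an assumption; substitute the real ones.

# source_size PATH
# Size of the source in bytes. For a block device ask the kernel (reading the
# whole device just to count bytes would work but is slow); for a regular file
# count them directly.
source_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# image_and_verify SRC IMG
# Copies SRC to IMG block by block, then proves the image matches the source.
# Returns 0 only when the SHA-256 of the source equals that of the image.
image_and_verify() {
    src="$1"
    img="$2"
    # bs=4096k: large blocks are far faster than the 512-byte default.
    # conv=noerror,sync: keep going past unreadable sectors and pad them with
    # zeros so every byte in the image stays at the same offset as on the disk.
    # Caveat: sync also pads the *last* block up to a full bs, so the image may
    # be larger than the source. Hash only the first $size bytes of the image.
    dd if="$src" of="$img" bs=4096k conv=noerror,sync 2>/dev/null || return 1
    size=$(source_size "$src")
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(head -c "$size" "$img" | sha256sum | cut -d' ' -f1)
    # Keep the hashes next to the image; they are the chain-of-custody record.
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$img_hash" "$img" > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# mount_image_ro IMG DIR
# Mounts the image read-only and non-executable through a loop device
# (requires root), as in the post, so examination cannot alter the evidence.
mount_image_ro() {
    mkdir -p "$2"
    mount -o ro,noexec,loop "$1" "$2"
}

# Usage (as root):
#   image_and_verify /dev/sdc ~/image.dd && mount_image_ro ~/image.dd /mnt/investigation
```

Run the imaging step first and mount nothing until the two hashes agree; if they differ, the image is not evidence yet. The recorded .sha256 file lets anyone later re-hash the image and confirm it is unchanged.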
Reference taken from:
http://resources.infosecinstitute.com/linux-and-disk-forensics/