Wednesday, October 20, 2010

Verifying BackTrack 4 as forensic tool

I did a quick verification of BackTrack 4 (see my previous post) in order to check that no disks (including swap partitions) are mounted during the boot process when the forensics option is selected from the grub menu.
I used a virtual machine with Ubuntu 10.04 installed on a 25 GB (virtual) SCSI disk. The first thing was to boot the VM using the Helix 3 (2009R1) iso image, an already recognized and accepted forensics tool, and take an MD5 hash of the entire disk (/dev/sda). You can see the results of that operation in the following screenshot:


After that, I rebooted the VM and changed the boot CD image to the BackTrack 4 .iso file instead. I carefully selected the forensics option (number 3 from the top) and repeated the previous process of getting an MD5 hash of the entire disk (/dev/sda). The result (fortunately) was the same hash value, thus confirming that BT 4 didn't change the disk at all during the boot process.
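The check described above can be scripted so that it is repeatable and also covers the mount and swap tables, which the hash comparison alone does not show. The following script is an added example, not code from the original post or from the BackTrack or Helix projects. It assumes a Linux live environment exposing /proc/mounts and /proc/swaps, and an evidence disk at /dev/sda (change DISK if yours differs). It goes beyond the post in two ways: it lists any local block device that ended up mounted (a read-only mount is still a finding, since ext3/ext4 replay a dirty journal on mount unless told not to), and it records a SHA-256 alongside the MD5, because MD5 alone is no longer a strong integrity check.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a live CD's
# "forensic" boot mode left the evidence disk untouched.
# Assumed paths: /proc/mounts, /proc/swaps and the disk /dev/sda.
# Usage from the live environment:
#   sh verify_forensic_boot.sh > hashes-helix.txt      (first boot)
#   sh verify_forensic_boot.sh > hashes-bt4.txt        (second boot)
#   diff hashes-helix.txt hashes-bt4.txt               (must print nothing)

DISK="${DISK:-/dev/sda}"

# Print any mounted local block device (device, mountpoint, options).
# Pseudo filesystems and the live CD's own media (sr*, loop*, ram*) are
# ignored. Argument: path to a mounts table (defaults to /proc/mounts).
block_mounts() {
    awk '$1 ~ "^/dev/" && $1 !~ "^/dev/(sr|loop|ram)" { print $1, $2, $4 }' \
        "${1:-/proc/mounts}"
}

# Print any active swap device. The first line of /proc/swaps is a header.
# Argument: path to a swaps table (defaults to /proc/swaps).
active_swaps() {
    awk 'NR > 1 && $1 != "" { print $1 }' "${1:-/proc/swaps}"
}

# Hash a device or image file by reading it directly, without mounting it.
# Emits one line per algorithm so two runs can be compared with diff.
hash_disk() {
    dev="${1:-$DISK}"
    printf 'md5    %s\n'    "$(md5sum    < "$dev" | cut -d' ' -f1)"
    printf 'sha256 %s\n'    "$(sha256sum < "$dev" | cut -d' ' -f1)"
}

# Verdict on the boot: exit 0 only if no local block device is mounted and
# no swap is active. Arguments: mounts table, swaps table (both optional).
verify_clean() {
    m=$(block_mounts "${1:-/proc/mounts}")
    s=$(active_swaps "${2:-/proc/swaps}")
    [ -n "$m" ] && printf 'MOUNTED: %s\n' "$m" >&2
    [ -n "$s" ] && printf 'SWAP ACTIVE: %s\n' "$s" >&2
    [ -z "$m" ] && [ -z "$s" ]
}

# When run directly (not sourced by a test), report and hash the disk.
if [ "${0##*/}" = "verify_forensic_boot.sh" ]; then
    if verify_clean; then
        echo "no local disks mounted, no swap active" >&2
    else
        echo "WARNING: evidence may have been touched during boot" >&2
    fi
    hash_disk "$DISK"
fi
```

Run it once under the reference live CD and once under the live CD being evaluated, then diff the two outputs; any difference in either hash, or any MOUNTED / SWAP ACTIVE line, means the boot wrote to or at least opened the evidence disk and the distribution should not be trusted for acquisition.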


Although this is a quick verification that BT 4 in forensics mode can indeed be trusted not to change the attached disks, I think that further testing could improve my trust in it.

Please go on and do your own verification just to be sure that you can trust and use BT 4 while performing your forensic investigations.
