Well, as concerns the "Made copies" angle, creating a disk image of a failing drive, and then doing high-level recovery from the resulting image kinda *IS* a standard practice. There are reasons for doing it that way:
1), if the physical device has mechanical failure due to a physical defect, then the actuation of the read head can further damage the media, resulting in greater problems. Reading the entire drive in a smooth, even keel will get you enough of the data (even with read errors) to be able to do high level filesystem recovery in most cases.
2), If this is for legal reasons, you want to keep the source volume as unmolested as possible-- while you can do filesystem restoration operations on your produced disk image after mounting it as a virtual volume.
So, the creation of disk image files is not really something I have any issue with. The "Drove all the way to timbuktu for no discernable reason, to have a specific repair shop work on the thing" is much harder to swallow.
Still, the only way to know that you have succeeded in recovering a client's email database (such as their outlook inbox, which stores such a thing locally), is to attempt to load the recovered data, and see if the software recognizes it. That means seeing at least a small sampling of the contents, just to verify restoration. (even if that's just a bunch of subject lines.) A properly prudent repair person will totally ignore anything they find, because whatever sordid shit people email to each other really is not that person's business.
Having had to recover some pretty sordid shit for customers before (No, I will not elaborate), and then verify that the recovery was successful (because they insisted, and were adamant about getting that filth back), I have seen things that cannot be unseen, and no, because it is none of my motherfucking business what people do with their time and equipment, I won't share any grisly details. Getting unwanted passive exposure is totally a thing that can happen if you are going the extra mile to assure that the data that you recovered is actually viable, and you can attest to the customer that the data recovered is viable (and where appropriate, what data you recovered is not, or is only partial and how much.)
The key thing here is that the FBI is supposedly in possession of the ORIGINAL hard disks. This means that the FBI has files, and chain of custody documentation, for a set of hard disks from this event. That means that people in the press have sufficient information to file a FOIA request, and get a formal statement from the FBI that could confirm or deny the story.
Since no such FOIA has been produced, and no "Yes, we have hard disks related to this incident in our evidence holding area" from the FBI, that means the story's credibility is pretty poor. Chain of custody must be protected, otherwise you end up with "Fruit of the poisonous tree" problems.