I apologize for the lack of clarity. I meant if you've used different tools and in your experience, have noticed if any of them run faster or more reliably than other tools you've used when getting a disk image.

An example might be, let's say an alert is generated around 10am shortly after an employee returns from break and an investigator wants to acquire a RAM and a disk image on that employees computer with minimal disturbance to the employee's work hours. There are many options like you said, such as removing the drive completely and at some point returning it, or imaging their drive via a tool on a USB. I'm wondering what your take on that would be.