Backup
Although under normal circumstances it shouldn't happen, there's always the eventuality that some tools, while performing some aggressive checks, particularly on older or cluttered systems, might cause some instability and crashes. You should be prepared for this eventuality. It might also be the case that if you find the device to be infected, you might want to safekeep it and the owner will want to recover some data.
It is advisable that before proceeding with the inspection you make sure the owner is aware of any risk of data loss, and that all steps have been taken to preserve at the very least the most critical files. Of course, a full and secure backup of the system is a much more preferable option, but circumstances and time do not always allow for that.
Along with a USB drive with the collection of tools you might need for the inspection, you should consider always carrying an extra drive with you (perhaps with VeraCrypt or any other file encryption utility you prefer) to be used in case you need to preserve some files from the device.
Last updated