#1 2009-06-05 19:08:23
Regardless of how this plays out we believe the BOS is responsible for a very dark chapter in Wareham governance. Who is looking at my private data? What is their objective? What are they looking at about me, my business or my family? What criteria are they using? Who are the third-party observers and what is their expertise? Are they professional and certified investigators or computer techs for hire? Where is my privacy? This is insane!
#2 2009-06-06 09:45:20
While I don't know how the BoS is doing this investigation, I have performed many similar ones myself, and can describe how they are supposed to be done. If there is suspicion of wrongdoing - a system breach, employee misconduct, or other - investigators can be brought in to perform a forensic analysis. The general steps are usually:
1. Identify the scope of the investigation. What's surprising to me about this case is that the scope seems to be "everything". I find it difficult to believe that the selectmen and the TA have equal reason to believe that there is corruption/misconduct/whatever they are looking for across the board. This is usually limited to no more than a department, and ideally just a couple of individuals. There are a number of reasons for this - cost control, liability control, and others. Cost is probably obvious (costs more to investigate more), but liability goes back to your points, Wag. Why would I want to collect more data than I absolutely need for this? All that accomplishes is putting that data at risk of loss. There are a ton of regulations out there that govern collection, storage, and transport of data (Google for GLBA, HIPAA, FERPA, 201 CMR 17.00, and others), and the more data you have, the higher the likelihood that you have some covered data.
2. Identify the "script" that you are going to use for your search. Typically when you're performing this type of investigation, it's because you have reason to believe that something specific is going on. Hypothetically, if we're running under the assumption that the BoS is looking for people who post on this site, then the investigators would look for things like "warehamobserver.com", "sauvageau", "BoS", etc... However, if they are looking for "everything", then there wouldn't be a script to follow.
3. Take a forensic image of the drive(s) to be investigated - There are plenty of software packages that do this, but EnCase is the most popular. Simply copying a disk is insufficient in this case, as there's no guarantee that data was not changed - EnCase is "forensically acceptable", meaning that nobody can change the data once it's copied, and it has search tools, can pull deleted files, etc. Time to do this varies, but a standard 120GB disk can be imaged in about 2 hrs.
4. Document chain-of-custody changes and store all disks in a secured location (e.g., a locked, monitored vault)
5. Investigate the disks one at a time. Depending on the script identified in step 2, this can either be about an hour of work, or a day or more - if the script is tightly scoped, it's easy. However, if an investigator is poring through drives looking for anything they can find, that takes a long time.
6. Report findings
7. After it is determined that there is no need for the evidence (generally a couple of years), destroy the disks securely.
Without knowing what firm the BoS is using, it's difficult to say who's looking at it, how qualified they are, etc. There should be an NDA in place between the town and the firm that would legally prevent them from disclosing any information. However, it is possible (though I am NOT a lawyer, so don't take this as fact) that there could be some data on the drives which falls subject to the regulations mentioned above, which could cause some legal issues in its transfer.
I'm actually fairly surprised that the name of the firm has not been leaked. If anybody has that name, PM me and I can talk to some of my contacts to see what their reputation is.
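The steps in the post above, as an added worked example that is not part of the original post or of any tool it names (EnCase is not used here). The integrity guarantee in step 3 rests on hashing the image at acquisition and re-verifying that hash before every examination, and the "script" in step 2 is just a list of terms run over the raw image so that unallocated space and deleted-file residue are searched along with live files. The disk image is a constructed byte string standing in for a real raw image, and the evidence tag and examiner names are hypothetical.

```python
import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed stand-in for a raw disk image (what an imaging tool writes out);
# a real examination would read the image file with open(path, "rb").
# The text mixed with null/0xff padding imitates allocated files next to
# slack and unallocated space, where "deleted" content usually survives.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"Meeting notes 2009-05-28: budget hearing, BoS agenda item 4.\n"
    + b"\x00" * 32
    + b"http://www.warehamobserver.com/forum/viewtopic.php?id=1234\n"
    + b"\xff" * 16
    + b"deleted_draft.txt: Sauvageau said the vote was scheduled.\n"
    + b"\x00" * 64
)


def image_hash(image: bytes) -> str:
    """SHA-256 of the whole image; taken at acquisition, re-checked later."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class CustodyEntry:
    when: str
    who: str
    action: str
    sha256: str


@dataclass
class Evidence:
    item_id: str          # hypothetical evidence tag, e.g. "WH-PC-017"
    image: bytes
    acquired_sha256: str
    custody: list = field(default_factory=list)

    def log(self, who: str, action: str) -> None:
        """Step 4: every hand-off records who, when, what, and the hash."""
        self.custody.append(CustodyEntry(
            datetime.now(timezone.utc).isoformat(), who, action,
            image_hash(self.image)))

    def verify(self) -> bool:
        """True only if the image still hashes to its acquisition value."""
        return image_hash(self.image) == self.acquired_sha256


def acquire(item_id: str, image: bytes, examiner: str) -> Evidence:
    """Step 3: record the hash at imaging time and open the custody log."""
    ev = Evidence(item_id, image, image_hash(image))
    ev.log(examiner, "acquired image")
    return ev


def verify_copy(ev: Evidence, candidate: bytes) -> bool:
    """Check a working copy against the acquisition hash before using it."""
    return image_hash(candidate) == ev.acquired_sha256


def keyword_search(ev: Evidence, script: list, context: int = 24) -> list:
    """Steps 2 and 5: run the scripted terms over the raw image, allocated
    and unallocated space alike, case-insensitively. Returns
    (term, byte_offset, snippet) tuples; refuses to run on a tampered image."""
    if not ev.verify():
        raise RuntimeError(f"{ev.item_id}: hash mismatch, image not examined")
    hits = []
    for term in script:
        pattern = re.compile(re.escape(term.encode()), re.IGNORECASE)
        for m in pattern.finditer(ev.image):
            lo = max(0, m.start() - context)
            hi = min(len(ev.image), m.end() + context)
            snippet = ev.image[lo:hi].decode("latin-1").replace("\x00", ".")
            hits.append((term, m.start(), snippet))
    return hits


if __name__ == "__main__":
    ev = acquire("WH-PC-017", SAMPLE_IMAGE, "examiner-1")
    ev.log("examiner-2", "checked out for review")
    script = ["warehamobserver.com", "sauvageau", "BoS"]
    for term, off, snip in keyword_search(ev, script):
        print(f"{term!r} at offset {off}: {snip!r}")
    # A working copy with one flipped byte fails verification.
    print("tampered copy verifies:",
          verify_copy(ev, SAMPLE_IMAGE[:-1] + b"\x01"))
```

Two practical points the code makes visible: a short term like "BoS" searched case-insensitively over a whole disk will hit every "bos" inside other words, which is one reason the scope in step 1 and the script in step 2 matter so much for review time; and a hit at a byte offset in unallocated space is exactly the deleted-file recovery the post mentions, with no filesystem parsing needed for the first pass.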
#3 2009-06-06 10:13:00
acasualobserver wrote:
I'm actually fairly surprised that the name of the firm has not been leaked.
I am, too, and I'm also impressed with your grasp of these procedures. The process hasn't fundamentally changed in 25 years but the emerging accounts of what happened here betray an inept outfit that cannot find its own ass with both hands and a flashlight. Cronan the Librarian's price quote of, "$100 to record EACH drive, $250 to read EACH drive," also sounds suspect.
I'm guessing low bid, you think?
Last edited by billw (2009-06-06 10:48:48)
#4 2009-06-06 14:06:39
billw wrote:
I'm also impressed with your grasp of these procedures
Well, it's a good thing - otherwise I'd be out of a job! As for the pricing, it's tough to wager a guess without knowing (a) who's doing the work and (b) what their scope is. If it's a high-end national firm, you're looking at $250-$300/hr overall rate. Smaller local boutiques, figure about half that. Two guys and a dog working out of a shed, probably $75/hr. That's before the lawyers get involved. I've seen posts that differ on whether it was internal or external counsel involved, but I'd guess it's a blend. Lawyers ain't cheap, but they probably don't need to put in too many hours on something like this - a chunk of time upfront to say "yeah, we think you can do this", a chunk of time on the backend to say "ok, you found x, that means you can do y", and then who knows what type of lawsuits or other issues will come out of this.
So once you get the rates, it's relatively simple math to figure out the cost - if they're imaging this many drives, they should be doing it in parallel. This means that an estimate of 2 hrs to copy a drive doesn't mean that you can do 2 * number of drives * hourly rate. However, 80% of the work reviewing the drives has to be done in sequence - you can kick off an individual search or scan, but the brunt of the hours are spent manually reviewing what was found. That's where the dollars add up.
#5 2009-06-06 14:53:17
acasualobserver wrote:
the brunt of the hours are spent manually reviewing what was found. That's where the dollars add up.
That's where I was going, thank you. The town manages 300+ multidisk systems and the Selectmen reviewed, what, 40 of them? Maybe? That number bumped to 100 systems last week but I don't believe it. This should prove interesting.
Two last questions, I promise. I confess, I already know the answer to the first one.
How often do you find intentionally saved porn on home or workplace systems used by adult males?
How often are these "audits" employed to surreptitiously install key loggers and assorted other invasive spyware?
#6 2009-06-06 15:21:14
The word on the street is the Town hired off the state contract to bypass the bidding process. Whoever currently holds the state contract is doing the work.
#7 2009-06-06 16:50:09
Zoo, I'm trying to track down that state contract, or at least who it's with - I know a few people that do security for various state departments
billw, this probably isn't the answer that you're looking for on your first question - *I* have very rarely found that type of content, because my investigations are always tightly scoped, as they should be. The last thing you want when you're performing these types of investigations is to find something that creates a legal obligation to notify the authorities, thereby removing the investigation from your control. For example, my former employer's process for any situation where one comes across child pornography was "pull the plug, call the cops, and lock up the computer". If you're just poking around, the odds of finding something like that go way up, and it leads to headaches. That said, there's a surprisingly high amount of....I'll call it "non-work-related" content on corporate systems. Does the town have an acceptable use policy for technology assets? I'd love to hear what an HR lawyer would have to say if this investigation leads to the end of some people's employment, especially if there's no AUP in place. I would think that if you do a search like this, you'd have to be consistent across *all* employees, not just those that you'd like to see targeted, and you'd have to fire *everybody* who has inappropriate stuff on their system. That would be a huge number of people, but I suppose it's one way to solve the budget problems..... (kidding)
As for your second question, I've never seen an audit like this used to install any type of monitoring software, for a couple of reasons:
1) Assuming the network admins have some semblance of an idea of what they're doing, it's far, far easier to just deploy the software remotely. It's also harder for end-users to detect it this way.
2) If they're doing the investigation right, they're just using copies of the drives - can't install anything that way.
#8 2009-06-06 17:27:52
Try Global Digital Forensics
#9 2009-06-06 22:59:06
Taj wrote:
Try Global Digital Forensics
Wow! They look expensive! I want to know the final cost of this witch hunt.