Creating a dd image as opposed to .img

Disabling Shadow volume solved the the hashing issue, so they match in value, but I'm still puzzled why OSForensic does not let me image to dd?

Was this a disk that was mounted in Windows and not write protected? Might there have been some write activity going on while the imaging was taking place?

As far as I know .IMG and .DD are both just raw images of the disk. The format is the same.

You should be able to rename the .IMG file to .DD if you want an disk image called xxxx.dd

They were not write protected, but in that case why did clicking disable shadow volume provide the same md5 value as in prodiscover?

Also, just now I used the registry write blocker, and it will only allow for a direct sector copy.
However, write blocked, both pieces of software did provide the same hash value

Hard to be sure without examining the situation and steps take in fine detail.
Could be that something was written to the disk between taking the images using the various methods.

Using shadow copy is normally only required when taking an image of the live drive. e.g. your active boot drive. Using shadow copy means you can avoid hitting file locks from open files and it tracks all the writes to the disk to leave you with a non-corrupted copy of the disk even though the disk was being written to while the imaging was taking place.

If you are taking an image of a secondary drive which as no activity on it, then shadow copy should not be required. The problem with Windows however is that there is a lot of stuff that happens in the background. Drives might be updated without you knowing it. (e.g. last access times on files).