You can then combine this with s (substitute):

sed '/myregex/ s/from/to/ p'

This is not combining commands. In your example p is a modifier to the s/// command.

Just disable printing out with the -n option and add the p modifier to the s/// command to print out lines where substitution has occured. sed -n 's/your-regexp/replacement/p'

It’s practically unrealistic. Even for a distro governed by a US-based company there are a lot of download mirrors, so restricting downloads from all of them is extremely difficult (and anyway unrestricted foreign mirrors still could synchronize with official ones via VPN). Forbidding foreign developers would require identification of each developer, but few distros do this (Debian does, but e.g. Fedora does not).

Developers would understand that such restrictions effectively kill a project, so they would shirk them.

It’s a bad practice to log in as root even for administrative tasks. You need to run numerous commands, some of hem can be potentially dangerous while not requiring root privileges. So normally you have an admin user in the sudo/wheel group and need to login to this account. Also, this adds some protection in case your key has leaked.

Your idea is correct, but I don’t know how to do this in Wndows (while this is pretty simple in linux). However I want to warn you that if the partition that you are dumping is used by the OS, the resulting image will most likely be corrupted. Better use a linux live system and ensure that the partition is not mounted.