A data protection controller is interposed between a storage device and a main
board of a computing system for protecting data from unauthorized modification.
The controller partitions the storage device into a read-only zone, a sketch zone,
an admin zone and an unprotect zone. Data to be read from the read-only zone is
first written into the sketch zone and then transmitted from the sketch zone
to the computing system. Data intended to be recorded in the read-only
zone is redirected to the sketch zone for recording. A location table in the
admin zone indicates whether the sketch zone contains valid data. In
a RAM Disk Mode, the data in the sketch zone is discarded when a new user session
is started. In a Live Disk Mode, the data in the sketch zone is maintained.
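
The redirect logic described above, modelled in Python as an added example that is not part of the original abstract or the controller's own firmware. The per-block granularity, the names `ProtectedDisk`, `Mode`, `new_session` and `demo`, and the choice to mark a block valid once it has been staged for a read are assumptions; the unprotect zone is not modelled.

```python
# Added illustration: toy model of the sketch-zone redirect in the abstract.
# Block granularity and all class/method names are assumptions.
from enum import Enum


class Mode(Enum):
    RAM_DISK = "ram"    # sketch zone is discarded at each new user session
    LIVE_DISK = "live"  # sketch zone is maintained across sessions


class ProtectedDisk:
    def __init__(self, read_only_blocks, mode):
        self._read_only = tuple(read_only_blocks)     # immutable after setup
        self._sketch = [None] * len(self._read_only)  # sketch zone
        self._valid = [False] * len(self._read_only)  # location table (admin zone)
        self.mode = mode

    def read(self, lba):
        # Read-only data is staged into the sketch zone first, then the host
        # is always served from the sketch zone.
        if not self._valid[lba]:
            self._sketch[lba] = self._read_only[lba]
            self._valid[lba] = True  # assumption: staged blocks count as valid
        return self._sketch[lba]

    def write(self, lba, data):
        # A write aimed at the read-only zone lands in the sketch zone instead.
        self._sketch[lba] = data
        self._valid[lba] = True

    def new_session(self):
        if self.mode is Mode.RAM_DISK:
            # Clearing the location table is what discards the sketch data.
            self._valid = [False] * len(self._valid)
            self._sketch = [None] * len(self._sketch)

    def read_only_block(self, lba):
        return self._read_only[lba]


def demo(mode):
    # Constructed sample contents for three blocks of the read-only zone.
    disk = ProtectedDisk([b"boot", b"kernel", b"config"], mode)
    disk.write(2, b"tampered")   # host tries to modify a protected block
    during = disk.read(2)        # host sees its own write during the session
    disk.new_session()
    after = disk.read(2)         # what the next session sees
    return during, after, disk.read_only_block(2)


if __name__ == "__main__":
    for m in Mode:
        print(m.name, demo(m))
```

In both modes the read-only zone itself is never altered; the modes differ only in whether the redirected write survives into the next session.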