• Desired outcome: To create a process and method and ultimately a device or software application that can create a forensically identical copy of digital evidence in a verifiable and repeatable manner. (Note that this does not specify any criteria for performance related to speed of the copy process.)
• Algorithm: An algorithm is a description of a process, broken down into logical steps. Algorithms are normally used in computer programming, but can be applied to any process that uses a yes/no type of logic. A decision tree can be regarded as a graphical presentation of an algorithm. In this case, we would first express the algorithm in pseudo-code. Pseudo-code is an informal description of an algorithm, basically a plain-language way to describe what the algorithm should do when it is actually written in real code. In this case, the pseudo-code for the forensic copy tool would look like this:
If system is on, write-blocking is enabled: (Protect the original from modification)
Okay to start copy process
While copy process is running
Check each block of data for errors
If no errors, accept and store
Calculate MD-5 hash value and store for that data block for verification purposes
Otherwise, reject data block, and re-copy
Re-copy previous data block
Re-check for errors
If still contains errors after this many tries, mark as bad blocks
Store bad block information
Proceed to next data block
Repeat until all data is copied and verified.