Virtualisation can do reasonably secure nonpersistent drives. Would rather not rely on this alone but also have a host that is nonpersistent too. A live DVD as a host leaves no traces and is physically impossible to permanently infect/own but not very practical to carry around. A live USB flash drive is more practical. Another option is grub2 configured to boot from an ISO image in an internal hard drive.
In Windows there is Shadow Defender that intercepts all writes to disk and makes them nonpersistent by storing deltas instead. The deltas are stored in an encrypted format so in the event of a power-down they cannot be recovered easily. This software is hard to bypass because it uses a driver stub that loads very early in the boot sequence. What can one do in linux that is as securely nonpersistent as Shadow Defender or better?
Is grub2 boot from an ISO image as effective?
Are bootable USB flash drives made with Rufus given any bootable ISO image as effective?
What about fsprotect, is it any better than grub2 boot from an ISO image?
Distros proposed for the host: anything hardened like Pure OS, Astra Linux, Kodachi. Preferably Secure Boot signed.
Which is the most hardened option?