Whonix now has the option of booting into a live system . When live-mode is chosen, all write operations will go to RAM instead of the hard disk. The primary objective of live-mode is to prevent malware from gaining a persistent foothold and to return the system to its state prior to booting.
Live mode is not amnesic; in particular, memory forensics has not been taken into account!
System with low resources:
If Whonix is running on a system will low RAM it is recommended that all non-essential processes are shutdown on the host. This will free up memory for virtual machine allocation, if needed.
This is what i wanted! Now i use qubes, but with this, i going from qubes to normal linux + kvm + whonix live-mode when its final. But for now its buggy. Sometimes whonix start with the login screen. And sometimes whonix is really slow with one cpu.
Recently tested the Whonix live mode. Set my KVM virtual disks to read-only as per the setup instructions. Even downloaded a couple files. Rebooted into normal Whonix mode and as expected, the downloaded files are gone. Also tested bookmarking a site. Again as expected once I rebooted into normal Whonix mode, the bookmark was no longer there. Video and audio worked fine in Live mode. Using it felt no different than if I was in standard Whonix mode. I had both the Gateway and Workstation in Whonix Live modes together. No issues.
As a defense method, after using Whonix Live (for both Gateway and Workstation with Virtual Disks set to Read-Only) I am thinking the best thing to do would be to completely shut down the host computer to wipe the RAM?