with the RAM disk (Really disposable (RAM based) qubes) version
there is no r/w event with the disk?
Assuming by r/w you mean read/write:
Every software involves “r”. Otherwise you would not be able to access it.
As for “w”: The ram-qube script creates an AppVM in RAM but that does not remove writes related to:
- qubes DB in dom0
- logs in dom0 (the cleanup phase of the script removes some of them but it cannot remove the lines from global logs)
- maybe something else (maybe not, just a disclaimer, as I am not familiar with all the intricacies of Qubes OS)
The ram-qube script is not intended to improve anonymity or to provide anti-forensics. It may help with that to an extent but it is rather an additional unintended side effect, rather than a goal. My actual goal was to have a way to reduce SSD writes and use available RAM to work faster on temporary stuff. E.g. it is very convenient for downloading video from torrent, watching it and throwing it away.