by zizee 4798 days ago
In reality, forensic data people tend to just pop the drive out of the machine and connect it to a specialized machine that can clone the drive, whilst ensuring there is no write capability, so it is guaranteed to not modify the drive's contents. This is done to preserve the "chain of custody", so the investigators can't be accused of fiddling with the evidence.

I think that the only way to do it would be to have something like a fully RAM disk, that is erased when power is lost. But this is problematic because of power outages, so you would be tempted to use battery backups or something, which would in turn make the system transportable, and more likely to not be deleted.

I guess in the case of the article, it was TSA agents, so your proposed system could do the trick with incompetents.