So in summary:
- We don’t have a list of things to shred;
- the list keeps changing over time;
- for example, this had been identified: “Disable PStore” by raja-grewal (Pull Request #304, Kicksecure/security-misc, GitHub);
- unknown unknowns;
- Computer storage hardware is not designed with non-persistence and anti-forensics as a primary goal in mind.
Conclusion:
The most secure way to avoid data persistence is to avoid data ever being written, ideally combined with “Read-Only: Setting Hard Drives to Read-Only”.
Added to “grub-live - boot an existing Host OS or VM into Live Mode”, documented just now:
This wiki page documents grub-live mostly as a standalone software package outside the context of Kicksecure. Any elements related to Kicksecure are clearly marked as such (“Kicksecure feature”).