That fundamentally requires a snapshot-capable filesystem, so you need to use a distro designed around such.

Not necessarily. You can use the ptrace() system call to trace a process and store what it reads/writes into a journal, etc.

https://man7.org/linux/man-pages/man2/ptrace.2.html
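A sketch of the ptrace() approach mentioned in the reply above, as an added example that is not part of either comment. It assumes Linux on x86-64 (register names `orig_rax`, `rdi`, `rax`); `journal_io` is a hypothetical name. It records only the file descriptor and byte count of each successful read()/write() by a single traced process, not the data and not any child processes.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv under ptrace and append one journal line per successful
 * read()/write(). Returns the number of lines written, -1 on error. */
long journal_io(char *const argv[], FILE *journal)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                 /* let the parent set options first */
        execvp(argv[0], argv);
        _exit(127);
    }
    int status, in_syscall = 0, sig = 0;
    long entries = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD reports syscall stops as SIGTRAP|0x80, distinct from signals. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) {
        kill(pid, SIGKILL); waitpid(pid, &status, 0); return -1;
    }
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) break;
        if (waitpid(pid, &status, 0) < 0) break;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        sig = 0;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {
            /* Signal stop: pass it on, except the SIGTRAP generated by execve. */
            if (WSTOPSIG(status) != SIGTRAP) sig = WSTOPSIG(status);
            continue;
        }
        in_syscall = !in_syscall;
        if (in_syscall) continue;       /* entry stop; the result is known at exit */
        struct user_regs_struct r;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &r) < 0) continue;
        if ((r.orig_rax == SYS_read || r.orig_rax == SYS_write) && (long long)r.rax >= 0) {
            fprintf(journal, "%s fd=%lld bytes=%lld\n",
                    r.orig_rax == SYS_read ? "read" : "write",
                    (long long)r.rdi, (long long)r.rax);
            entries++;
        }
    }
    return entries;
}

int main(int argc, char **argv) { return argc < 2 || journal_io(argv + 1, stderr) < 0; }
```
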