Verifying Debian/Ubuntu packages integrity when booting from a read-only DVD?

view story

http://unix.stackexchange.com – Is there an easy way to boot a Debian-based Linux system from a read-only medium (say a Live Linux read-only DVD) and then use Debian's .deb checksums / signatures (?) to verify that the files installed do indeed come from properly signed Debian packages? In other words: is it possible to boot a system from a known clean Live CD and then use Debian's package format as a "poor man's intrusion detection system"? If so, how should I go about it? (HowTos)