Personal DFIR / Forensics Workhorse

[Anabiosis]

Looking to build a personal workhouse, and would like some thoughts from the pros, and tinkerers here. The goal, to crunch data really fast, and repeatedly. The system would be a combination “sandbox” for malware analysis, incident response (Snort, DFF, Volatility), and host for various VMWare images. It would likely run NetBSD, FreeBSD or some form of Linux.

Needs, fast processing, good amount of RAM (16gb or better)

Video card is really unimportant, as is the sound card.

Storage 1TB - I have about 20TBs of removable drives

Card Reader - Should be able to read just about anything.

Case - Would like this to at least be pretty (Coolermaster HAF?)

This is for a personal machine in my home office. Any thoughts on how to keep this under the $500 mark. Again, this is for personal use, so I don't need write blockers.

 

[Karsten75]

500 is really low. You might just look if you can't find a pre-built machine from Lenovo or Dell for that money.

 

[Anabiosis]

500 is really low. You might just look if you can't find a pre-built machine from Lenovo or Dell for that money.

I had (and am still looking). For example:

• 
  AMD FX-6100 OEM Processor - Six Core, 3.30GHz (3.90GHz Max Turbo), Socket AM3+, 95W, Unlocked
  Gigabyte GA-78LMT-S2P Motherboard - Micro ATX, Socket AM3+, AMD 760G Chipset, 1333MHz DDR3, SATA II (3Gb/s), RAID, 7.1-CH Audio, Gigabit LAN, USB 2.0 (GA-78LMT-S2P)
  Patriot Viper Xtreme 4GB Desktop Memory Module - DDR3, 1600MHz, PC3-12800, CL 11, 1.5V - PX34G1600C11
  Thermaltake TR-500 TR2 ATX Power Supply - 500W, 120mm Fan, Active PFC
  Thermaltake CL-P0503 CPU Cooler - 70mm Fan, Rifle Bearing, Socket AM2, AM2+, AM3, 754, 939
  Thermaltake VM30001W2Z V4 Black Edition Mid Tower Gaming Case - ATX/MicroATX, USB, Audio, Blue LED fan

269.99 however, I am not sure about memory, which is best, etc., I am not a hardware person so I wouldn't know if I can say jack up the motherboard for say $50 more and get 4x the computing power, hence my original post.

I have browsed some of the threads, and have read about gaming machines built in the $500 range. The only difference between what I need in computing with my request, versus say a gamer is... I don't need an uber video card.

 

[Karsten75]

Yea, but you need something beefy to run VMs and support the large memory requirements. Ideally you'd want a Xeon processor, but you've priced yourself right out of that range.

 

[Anabiosis]

Yea, but you need something beefy to run VMs and support the large memory requirements. Ideally you'd want a Xeon processor, but you've priced yourself right out of that range.

I was thinking about that. Right now, on my MacBook I have 16GB of ram, I am running 4 OS' (W2K8, Solaris, and RHEL) without issues. W2K8 is pushing 4GB, Solaris 2GB, RHEL 2GB. I would barely run all at one time, if even ever.

Again, not a hardware person, so I ask... Are there issues running virtualization on AMD? VMWare is not necessary, just threw it out there, I use VirtualBox a lot. Just think: "frankenstein lab" on a budget

 

[Karsten75]

I'm really not an AMD person, sicne I've not actually built or owned an AMD processor since around 2000 when Intel took a solid lead with the Core 2 series. Regrettably so, since I'm really rooting for AMD, but they just can't seem to innovate as well as they did back then.

I'm putting forward this build, well outside your price range, but this is where I'd start. Note, I'd probably not recommend this, but it is a discussion point.

The power supply is my greatest concern, but it should suffice, comes with the case and helps to save some cost. Since it is well in excess of what the components need, you won't stress it and that may be a help. I've also not included a hard drive, instead opting for a mid-size SSD to help with boot-up performance, etc. The SSD was recently nominated in a Tom's article as a "Best-of" - I have no other experience with it.

http://www.tomshardware.com/reviews/ssd-recommendation-benchmark,3269-3.html

I chose the CPU since the hyper-threading will really help if you should choose to run multiple VMs or tasks. You can easily add up to an additional 16 GB of storage. The processor comes with low-end graphics, suitable enough to drive up to three monitors in non-gaming environments. No cooler, since the standard should be enough. No fans additional to the case and the CPU fan that are included - you can always upgrade or add those as is necessary. There are plenty of drive bays, for expansion, but I didn't add an optical drive, since you can do the install from a USB port. Again, for $20 you can add an optical drive that should suffice.

PCPartPicker part list / Price breakdown by merchant

CPU: Intel Core i7-4790 3.6GHz Quad-Core Processor ($307.15 @ SuperBiiz)
Motherboard: ASRock H97 PRO4 ATX LGA1150 Motherboard ($86.66 @ Newegg)
Memory: Crucial Ballistix Sport 16GB (2 x 8GB) DDR3-1600 Memory ($139.99 @ Micro Center)
Storage: Sandisk X210 250GB 2.5" Solid State Drive ($149.99 @ NCIX US)
Case: Rosewill R536-BK ATX Mid Tower Case w/500W Power Supply ($67.24 @ Amazon)
Total: $751.03
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2014-07-22 15:53 EDT-0400