Forensics Workstation Build

Design Methodology

I've been designing and building computers, workstations and enterprise servers now for over 25 years. I started my first builds when Windows 95 was released, and have enjoyed building systems ever since. A lot has changed since then, and technology within the past few years has skyrocketed.

I personally use an Apple Mac Mini with the M1 chip, and it's been fantastic. Not one complaint, except a bit of a learning curve coming from x86 architecture to Arm64, and some software compatibility. I also have an x86 desktop that I use at home, with Ubuntu as my main OS.

This post however isn't about Apple or Mac, it's about my design process for x86 based workhorses. I will briefly explain my design methodology, why I go about a particular design method, and some general tips on how I settle on a design pattern for myself, and my clientele. Let's jump right into it.

Method preview

For all my customers' custom builds, I use the latest and greatest tested components, sourced and purchased from reputable suppliers. I don't cut corners to save a buck. I do, however, put a lot of research into product cost factors based on market fluctuations, and I usually mention in my quotes that market fluctuations happen: sometimes hardware can go up and down in price rather quickly. I always leave about a 20% buffer in my quotes for this variation.

System design

When I design a system step one is to ask myself or the customer, what is your goal for this system? Based on the response, the next question is probably the most important factor, what is your budget? From here we can proceed to the design phase, where I spend a good amount of time comparing prices, specs and product availability. For the purposes of this post, we will hypothetically lay out the schema for a forensics workstation based on AMD.

System Schema

When building a system I start my build design in somewhat of an unorthodox approach, and while some builders do the same, in the professional workspace it can sometimes go against the grain. Change can be hard sometimes but stick with me.

My build schema always starts with the motherboard. Why? Think of the motherboard as the central nervous system. I always start with the newest and most feature-rich motherboard currently available within my budget parameters. In this scenario, chip manufacturer selection isn't a priority; Intel or AMD doesn't matter. For the sake of brevity: when I design a system, I offer both options with comparable specs and leave it up to the customer to decide which CPU brand they would like to go with, unless they specifically request a certain chip.

Schema

  1. Motherboard
  2. CPU
  3. CPU Cooler
  4. Memory
  5. Storage
  6. Video Card(s)
  7. Case
  8. Power Supply
  9. Case Fan(s)

Reasons for motherboard first? I've always had the philosophy that you can easily upgrade a CPU, however motherboard upgrades are much, much harder, especially when it comes to your host software installation, OS corruption etc. It's a lot easier to swap a CPU than to swap a motherboard, and you can save a little money in the beginning by using less or cheaper RAM, and then upgrading that as needed. It's not hard to pop a new stick in, or swap a CPU on thermal paste days, right? Also, maxing out on the motherboard guarantees better overall system stability and performance.

Ok, now that's out of the way, how do I make a mock-up for clientele? Honestly speaking, usually pen and paper, haha kidding. I use PCPARTPICKER, you can easily compare pricing, and share with your customers within seconds. Keep in mind builds are public, so if you're making a super secret build, use the old-fashioned mock-up quote from Excel :)

Alright let's go through a sample build for a forensics workstation, with a fairly aggressive budget, and some future proofing options, I'll do my best to stay a bit conservative, so your manager doesn't have a heart attack.

Motherboard

I tend to stick with a few brands, that over the years have served me and my clients well. Usually I go with Asus, or Gigabyte.

Since this is a forensics machine designed for a lab environment and not for gaming, I would go with a workstation specific board.

For this build AMD WRX80 Ryzen™ Threadripper™ PRO extended-ATX workstation motherboard

What makes this motherboard stand out?

  • Dual Intel 10G Ethernet
  • 1x USB 3.2 Gen 2 Type-C port
  • 1x USB 3.2 Gen 2x2 Type-C port 20Gbps
  • 7x full x16 PCI Express 4.0 safe slots
  • 16 Power stages
  • 8x SATA 6Gbps ports
  • 3x M.2 PCIe 4.0 slots
  • ECC memory support, up to 2048 GB
  • Intel Wi-Fi 6 on board.
  • Integrated BMC (Baseboard Management Controller)
  • 2x PCIe 6-pin power connectors
  • BIOS Flashback

This motherboard isn't available on PCPARTPICKER at the moment, so we will just add the other components to our final build list, that are compatible with the motherboard we selected.

Buy ASUS Pro WS WRX80E-SAGE SE WIFI

$1,289.00 CAD

CPU

CPU compatibility is small for this particular board, however since we are designing an AMD system today we will continue. CPU compatibility can be found at the CPU Support page.

The cheapest option currently available is the AMD Ryzen Threadripper PRO 3955WX

AMD Ryzen™ Threadripper™ PRO 3955WX Desktop Processors specs.

  • CPU Cores 16, 32 Threads
  • TDP 280W
  • Base Clock: 3.9GHz, up to 4.2GHz
  • PCIe 4.0
  • DDR 4 up to 3200MHz

$2,189.99 CAD

Ok, so we have our main components, and even though they aren't cheap, keep in mind this is for a commercial workstation that is designed to run 24/7 - 365, for a professional examiner.

Water cooling

I have always built my PCs with water-cooling, more specifically an AIO. "AiO" stands for "All in One", which means that you'll get a complete package, consisting of radiator, fan, pump, tubes and cooling unit, which reliably cools your CPU, and keeps your workspace quiet. Unless the client wants a custom loop, I usually go with an AIO for simplicity. Just like the other components, from my testing I stick with a particular brand that I've put through its paces, and have always been happy with: EVGA

For our build since the CPU is an absolute "Unit", shout out to my British folk, I chose the EVGA CLC 360mm All-In-One. EVGA has an awesome warranty process, and I've had great success with their products, and returns/replacements, to be fair, I've only had one product returned, and it was actually purchased through Amazon, so I don't know if it was just the handling of the product(video card), nevertheless they exchanged my product hassle-free, and the build was a great success. They stand by their products and are quality made.

Notable mentions,

  • 100% copper pad
  • Max 20dB(A) pump noise
  • Aluminum radiator
  • 3x 120x120x25mm fans
  • Quiet out of the box
  • 5-Year Warranty.

$89.99 CAD

Memory

This motherboard supports DDR4 memory, and although it does support ECC memory, I will be using standard DDR4 at the speed specified by Asus. I've had great success with G.Skill branded memory in the past, and for this build I'll use Ripjaws V DDR4-3200 CL16-18-18-38 1.35V 256GB 8x32GB, which is supported and tested by Asus for this motherboard. Price point is actually good, considering the amount of RAM you're getting, 256GB (8x32GB), and Limited Lifetime Warranty. Epic

$716.56 CAD

Storage

For my host OS I always go with a fast booting, high I/O NVME SSD, and for this build I will go with the 980 PRO PCIe® 4.0 NVMe™ SSD 1TB. I've had excellent performance and durability under extreme conditions with Samsung drives, and in my opinion are the best. Samsung says "Genuine PCIe 4.0 NVMe® speed (up to 7,000/5,000MB/s for read/write speed)" and that's great. I will add this on the list, and select a few additional drives.

$129.99 CAD

Additional drives, I usually advise on an additional SSD for Virtual machines or games, software etc. So for a secondary drive I usually name Data, I'll select 870 EVO SATA 2.5" SSD 2TB, good amount of space for virtual machines, V-NAND with 530MB/s Seq. Write. Excellent. I'll add this to the list and an additional drive that's not required, but recommended.

$179.99

For the final drive, I like to have a good solid backup drive, and while this is optional, believe me you want backups. I know I like backups, the more, the merrier. For my backup drive, I have had great success with WD Red Pro NAS Hard Drive, excellent transfer speeds, at times comparable to a cheaper SSD. For our build I've opted for a 6TB model.

$179.99

Video Card

For some builds a video card may not be required, but since our chosen CPU does not have a built-in graphics chip, we will need one. Also, a forensic examiner will likely need to crack some hashes, so let's pick one from my favorite brand again EVGA

Since we are legends, and we have come this far, let's treat ourselves to a card that is not quite as good as a Titan, but good enough to get the job done with pretty much anything we can throw at it. EVGA GeForce RTX 3090 Ti FTW3, yes it has RGB but that's ok, who says we can't look cool while cracking some hashes? What it also has is 25GB GDDR6X memory, and 10752 CUDA Cores, with a 1920 MHz Boost Clock and 1,008 GB/s Memory Bandwidth, so yeah just think about that. Great price and available today.

$1149.99

Case

Now cases are really a personal preference, and everyone has their favorite. For our build though, we want motherboard and water-cooling compatibility, and for this reason I'm going with another one of my all-time favorite brands, Phanteks ENTHOO 719. This case is beautifully built and really completes this system. At 9.45 in x 22.6 in x 23.6 inches this full tower chassis is a beast. This case even supports two completely independent builds, with two motherboards and two power supplies, wow.

$219.99

Power supply

Another item that I normally do not cheap out on is the power supply. Next to the Motherboard your system can't run without it, and for efficiency the higher grade you go, the better. For this reason and future proofing, I selected the EVGA SuperNOVA 1600 T2, 80+ TITANIUM 1600W. Key features,

  • 10-Year Warranty
  • ECO mode, under low load the fans shut off
  • 94% Efficiency
  • Fully modular
  • 100% Japanese Capacitors
  • Standard ATX form factor size
  • 1600W @ +50C
  • High quality braided cables

I've been using these for years and they are super awesome. Never had one fail. I recommend buying directly from EVGA, unless locally available. This is basically the best power supply you can get, current pricing is a steal. Our estimated wattage not including the CPU or any additional drives or video cards is 689W, so you see a power supply of this size, can definitely get used up pretty quick.

$349.99 CAD

Case fans

In some cases you may need better fans. To be completely honest with you, the fans included in this build would more than suffice. I will add my recommended fans, but not include them in the price as it's completely unnecessary. If you do decide to grab some fans, check out ML120 PRO 120mm PWM Premium Magnetic Levitation Fan.

Summary

This is an amazing build, probably overkill for the everyday user, however for a professional developer, content creator or forensics analyst, this machine would be a good starting point. I would consider this a base model for a professional workstation in a high output lab, especially if it would be running 24/7, say processing, copying drive images, or a data recovery rig, hash cracking machine etc.

A summary on 4n6 Build does not include the CPU and motherboard, so we will add that amount manually now.

Our build cost before taxes and shipping is $6545.48 CAD, and that is not too bad considering the gear we have here. If you are interested in a build like this for your lab, drop me a line Ryd3v, I ship internationally, and provide 1 year of technical support for each system I build.

Stay tuned for an Intel variant build, for those who like to live dangerously ;)

Did you like this article? Drop me a line on Twitter, @ryd3v