Dedicated Machine

Update: I had originally planned for 32GB RAM, but ended up with 64GB RAM and so I updated the page accordingly. I could imagine instances where 32GB RAM was insufficient, so it seemed reasonable to get more. 64GB RAM is the maximum supported by this CPU.

I am currently in process of putting together a dedicated machine for malware analysis. I am writing this post because I believe others will be interested in the specifications and reasoning.

If you are interested in computer parts and want to jump to the conclusion, you can check my parts list here: https://pcpartpicker.com/list/8Y6Lp2 . The total build comes to be about $606 without the optional purchase of a Windows 10 license key.

The effective difference will be the difference between trying to use the kitchen table to perform dissections and having a dedicated room. The kitchen table does the job, but you have to keep clearing the table and make sure you clean up properly. The dedicated room allows you to have dedicated procedures, techniques, and tools for dissection and ensure sanitary conditions between sessions.

Reasoning

In building a dedicated machine the following were my priorities:

  • RAM
  • CPU
  • Storage

I have been able to do a decent amount of malware analysis with 8GB RAM, Dual-Core CPU, and 256GB storage; but in general: a computer with those parameters cannot easily run more than one virtual machine (VM) at a time; a VM can frequently have poor performance; and you frequently run out of storage space. …If you are just starting out in malware analysis, it can still be great to use a machine with these parameters, but for running multiple VMs, it is inadequate.

My build started with one of the basic gaming build templates from PCPartPicker; but I modified it from that base build. I increased the RAM from 16GB RAM to 64GB RAM. I increased the storage from a 480GB SSD to a 1TB SSD (it has room to add another SSD if desired). The CPU stayed the same and has 6 Cores/12 threads.

This additional capacity will allow me to make use of multiple virtual machines and projects such as DetectionLab. Having multiple virtual machines will allow me to better assess network activity caused by malware. Using DetectionLab will allow me to better see how malicious activity in general may be seen or logged in a Windows environment.

It would be perfectly reasonable to create a dedicated machine with even more RAM and even more storage space, but for my needs, the above specifications should be adequate for the time being.

Coming soon

The dedicated malware analysis machine should be completed soon. I have been delaying on publishing some blog posts due to being unable to run malware and being unable to document network activity of the malware. So, you should be able to expect more posts to be coming soon once the machine is operational.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: