Choosing an “InfoSec” Laptop

/ ChocolateCoat

Luckily there are a ton of resources for commonly used information security software and tools, but I still sometimes have a hard time finding recommendations for what you should have physically. First of all, you don’t have to work in DFIR to follow this, it’ll be more specific to DFIR but should fit most security adjacent roles. I’m going to organize this into a few different use cases I’ve seen since it can differ greatly based on your role. I’ll talk through use cases for a Student, Work From Home (WFH), Self-Study/Research.

The Laptop

This topic is all over the place in my opinion. Some folks say get a gaming laptop, some say get a Mac, and other say install Arch on your old laptop (who hurt you?). Laptop recommendations are odd since you need to find a balance between affordable and “investing in yourself” aka spend more money. Obviously if you’re doing the work professionally you simply use what you are provided, but don’t let that stop you from making a recommendation if it doesn’t fit your needs. So, here’s some things to look for, and keep in mind that technology evolves quickly so some of these specs may be outdated in a few years. I tried to go with the middle of the road, specs that will get the job done comfortably but maybe save some money on a few features.

WINDOWS, OSX, or LINUX????

For the sake of easier licenses and Virtual Machine (VM) support, I would typically stick with Windows or OSX. A simple rule of thumb is to analyze a system with the same OS, so analyze a Mac on a Mac or Linux on Linux. This is where having VMs is especially helpful, so you don’t need 3 different workstations. MacOS has the advantage of easily obtaining VMs for every OS. Windows is the most common and relatively cheaper for higher specs. If you are not already a Linux power user, I would stick with Windows and MacOS since having “linux” functionality is simple with WSL2 or zsh.

TL;DR: MacOS for the most coverage if you can afford it, Windows if you need an all-rounder.

SPECS

Size: 14-inch screen

Bigger is not always better. Screen size is always preference but consider that it will fit in whatever bag you may be moving it around in. Thin and light laptops are powerful now, I would generally avoid any beefy gaming laptops just because hauling it around can be a pain. They may not fit in backpacks, they add a ton of weight, and they are usually a lot louder with fan noise. Weight isn’t much of an issue, but I would aim for under 3lbs if you can. The “slim” gaming laptops sometimes work well and add in some of specs I mention below, but don’t feel like you must get a gaming laptop. A Dell XPS may actually function a lot better than some of the gaming laptops out there.

RAM: 16GB DDR4

8GB is fine and if that’s what you have you may not need to upgrade, but you will likely be running lots of things at once, so the extra space is nice to save time and fan noise. DDR5 is the new standard and if you can get it, go ahead but DDR4 or even 3 should be just fine. If the system is upgradeable consider purchasing a lower RAM capacity and upgrade it yourself, but make sure you check online if it’s possible. It’s always a good idea to get a system that you can upgrade yourself although it is less common now.

Storage: 500GB HDD

This is variable but 500 is a good baseline. It gives you enough room to store some data locally if you really need to and plenty of room for the VMs you’ll be using. I know folks will say SSD or M2 is better and faster, which it is, but an HDD is a lot cheaper, and speed and performance efficiency can wait unless your school decides otherwise. You can always typically upgrade your hard drive yourself in the future depending on the device so again look at upgradability before purchasing.

Display: 1080p or higher/ 60HZ Refresh rate or higher

Most of the time you will likely want a monitor, but you need your internal display to be effective as a second display or when you’re on the move. The higher refresh rate will keep things snappy, the higher resolution you go the more expensive refresh rates will be. I think 4K is overrated especially since I’m not using my internal display as my primary so it can be worth saving a few bucks. I personally like a modern 1080p display with 120HZ refresh rate. Also watch out for Twisted Nematic (TN) displays they are a lot cheaper but just don’t look very good at all. Stick with IPS or some kind of LED.

Ports: USB-C (PD), USB, and DisplayPort or HDMI

Ports are especially useful for forensics work. You will likely be plugging in write blockers, hard drives, and license key dongles. Most of these will use USB 3.0 and below, the support for USB-C is not quite universal but faster if you get lucky. Also opting for USB-C with Power Delivery (PD) or Thunderbolt is helpful if you want to use a dock (will discuss in a WFH setup blog).

CPU: Intel i7 (10th gen+) or Ryzen 7 5000 series

Try to get a newer CPU (2020+) since there have been some dramatic improvements lately on Intel and AMD side. You can get away with an i5 or Ryzen 5 if you’re on a budget but I would stay away from an i3 or Ryzen 3 to avoid an potential bottlenecks. If you’re on the Mac side of the house, the M1 chips are fantastic, but keep in mind they may have limited support for certain VMs.

GPU: Integrated or whatever comes with the above specs

Unless you are doing some serious password cracking or maybe VR forensics? You don’t need the latest and greatest graphics card. Whatever is built in will function just fine for the average workload. If you do want a bit of an upgrade for some gaming breaks look into a NVIDIA 1650 or 2050, bonus if it is a “TI” version. Keep in mind a desktop NVDIA 3060 GPU is significantly more powerful than a laptop NVIDIA 3060 GPU, so watch out for the marketing.

Battery: 5+ hours

It will be rare that you ever use your laptop for an extended time without power. The portability is more important in my opinion, but making sure it can survive a quick plane trip may be helpful.

Bonus Features

  • Thunderbolt support, makes docking a lot easier and with the right hardware transfer speeds can get quite the boost.
  • Fingerprint reader, easier than typing a password every time.
  • Ethernet port, if you are working home or rely on heavy network transfers, it may come in handy.
  • Keyboard, if you can try typing on it, no one likes mushy keys
  • Good Reviews, do some research on the device before purchasing, some systems are more prone to issues.

Cost: ~$1400 USD

This one of course depends on your means. If you’re a student, I wouldn’t even try to spend $1000. If it’s for work, maybe they will be willing to spend a little more. I personally have never spent over $1400 on a system, and never run into a showstopper issue. I would heavily look into refurbished/used devices, even Macs can be significantly cheaper if you just go back a year or two.

Hope this helps narrow your search a little bit, of course you can reach me anytime at @CyberCoat on Twitter.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s