The Evolution of my Home Lab: From Break-Fix to Forensics

Home Lab Photos: Copyright © Elan Wright / DFIR Diva | All Rights Reserved

These photos may not be used, reproduced, modified, downloaded, uploaded, sold, distributed, or used in any other manner without permission and credit.

One of my favorite things to do in my spare time is play around in my home lab. Aside from being fun (to me anyway), home labs are a great way to get hands-on experience using different hardware and software. To demonstrate what a home lab can be used for, I will talk about what I have personally done in my home lab over the years.

In 2009, I started studying for the A+ certification exam. I put an ad on Freecycle looking for unwanted computers and computer equipment so I could practice repairing them. This was the beginning of my home lab:

After I repaired and built as many computers as I could, I started trying different Linux distros to learn more about Linux.

In 2016, I started taking Cisco CCNA classes at a local community college. They had a hands-on lab at the school, but I wanted to play around with routers and switches at home too. I found some used equipment on eBay and added that to my home lab.

In 2017, while studying for the CySA+ exam, I set up as many tools as I could that were listed on the CySA+ Exam Objectives, and practiced analyzing logs and PCAPs.

In 2018, I started studying for the CCNA Cyber Ops exam. I was curious about Cisco ASA firewalls, so I found a used ASA to add to my home lab along with a step-by-step configuration book (I still need to find the time to set this up). The other book pictured, “101 Labs for the Cisco CCNA Exam”, is great for labbing with routers and switches.

After passing the CCNA Cyber Ops exam, I started studying for the CEH and experimented with Kali Linux in my home lab.

Last year, I did a graduate capstone on improving the security posture of a small business using free tools. I was able to set up my lab to mimic a small business and used AlienVault OSSIM as a SIEM and to conduct vulnerability scans. I also set up GoPhish to conduct phishing simulations.

Now that I am working on enhancing my Digital Forensics and Incident Response skills, this is my current setup.

Yes, I know the slashes on the wall decal are going the wrong way. It’s meant to be a joke (see the reference here)

Most of the monitors were given to me for free so I decided to give it a SOC feel.

The six computers below have Windows Server 2016, CentOS, Windows 10, Security Onion, Windows 10 running a Cyborg Hawk live CD, and macOS Catalina. I’m using a KVM switch with a mouse and keyboard. The “desk” is an old dining room table that I got for free with a cheap coffee table sitting on top of it. Hey, whatever works, right?

I also have another Windows 10 computer (below) that I use to practice forensics. I have FTK Imager, Autopsy, and Oracle VirtualBox with CSI Linux, AlienVault OSSIM, SANS SIFT, Security Onion, Kali Linux, REMnux, BlackArch Linux, Parrot OS, and FlareVM installed. This computer has 16GB of RAM, an i5 processor, and a 256GB SSD + 1TB HDD. I haven’t had issues running any of the programs on this computer, but I also don’t use everything I have in VirtualBox at the same time. I have hard drives from my old computers to practice with, as well as old/cheap Android phones to start practicing mobile forensics. I got the hard drive adapter pictured below on Amazon.

UPDATE: I added two more monitors (below) since I originally posted this. I put the single TV/Monitor pictured above on a rolling TV Stand and set the two new monitors on the desk.

Added two monitors, a new wall decal, and Cololights. This photo was taken before a Trace Labs CTF.

All seven computers are currently on a VLAN using a managed Trendnet switch.

I also have the tools and gadgets below to play around with. The Raspberry Pi has Kali Linux installed on it.

For some ideas on what to do with a Raspberry Pi in your home lab, check out these videos:

Last but not least. Books! I may be slightly obsessed with books.

IT Books

These are some of the books I have that can be used for hands-on learning in a home lab.

For a basic home lab, all that is really needed is a computer running virtual machine software such as Oracle VirtualBox or VMware, and a couple of (or several) VMs. This is a picture of one of my VirtualBox setups.

For more home lab ideas, information, and to ask questions, there is a home lab community on Reddit. They also have a Discord Server.

For videos about home labs, check out:

There is also a good Building A DFIR Analysis Fort blog post on DFIR Madness. (They have a DFIR Challenge as well.)

For a book about building and maintaining a virtual lab, see Building Virtual Machine Labs: A Hands-On Guide by Tony Robinson.

To find used/cheap computers and equipment online try:

You can get free evaluation versions of Windows Operating Systems HERE

For mobile forensics, The Binary Hick has Android and iOS images available.

To practice analyzing PCAPs in Wireshark, here are some sources for sample PCAP files:

For more test images and samples check out AboutDFIR and DFIR Training.

Just downloaded a tool or distro and don’t know where to start?

  • YouTube: YouTube has tutorials on just about every tool and distro out there.
  • Google: You can often find written step-by-step tutorials or forums where you can ask questions.
  • Documentation: Yes, it can be tedious, but read the documentation.

Happy labbing!