[brudgers]

For malware analysis, I'd definitely look at computers as cattle rather than pets...I guess I'm leaning that way in general.

One way of approaching it though is to swap out SSD's. Turn the box off, pull one put in another and [assuming there is only one persistent storage device] it's a whole new computer. For a lot of tasks, swapping state could probably just be thumb drives. For many tasks, 16G or even 8G is going to be plenty for Linux, tools, and the object of interest. Those run about $8 in bulk these days.

Build a standard tool image; store it on the Mac and burn it onto thumb drives asynchronously. When a new project comes along, pop one into the second machine; load in the malware; and have at it. Don't even need a VM.

Good luck.