Assuming all the workstations have Pro level os installed, my first recommendation to them would be a T610 or T710 with SBS. Set up a proper domain with good gpo's. The individual machines shouldn't have any critical data on them that is not duplicated to the server. Make sure to configure the machine with SAS 15k drives. This is not a cheap solution, but it WILL pay for itself over the future. A law firm should never be handled the way it is currently. They are probably in violation of countless compliance rules and are damn lucky they haven't had any major catastrophe at this point.
As a case study, I took over a slightly larger firm last year that was in a similar shape as your's. They have two offices and about 30 workstations between the locations plus 6 notebooks for the attorneys and one of the paralegals. Their network was a hodgepodge of off-the-shelf BB specials, custom rigs, and a couple of low end HP business machines. We immediately addressed the servers and network. We set up 2 untangle boxes with point-to-point vpn, content filtering, firewall, etc. We installed a PowerConnect 2848 switch in their main office and a 2824 at their smaller location. We added a baracuda email archiver (to satisfy one of the biggest compliance violations). We then installed a T610 to run Server '11, and a second 610 to run hyper-v. We setup the sbs machine to run all the standard duties of a domain controller, folder redirection, as well as their SQL db's. We have 2 VM's running on the other machine which we did a p to v conversion of their existing "servers". All the heavy data storage is handled by the second server on which we maxed out the capacity. We have replaced all the custom and BB stations with Optiplex 790's with Core i5s. We are replacing the 3 year old, woefully craptastic, celeron HP's and the notebooks next quarter.
Yes, they spent a ton of money. However, they now have a reliable network that is blazing fast with room to grow and great central management. Once I laid out the compliance issues and the extreme cost of managing that mess, they went to the boss who immediately saw the liability issues. They jumped on the proposal and signed a two-year MSP contract.
It can be a hard sell, but if they don't see the importance of maintaining a proper network for their business, they eventually won't see the importance of paying you either.
Edit: On a side note, a client is coming in to meet with me tomorrow to discuss one of these:
http://www.dell.com/us/business/p/poweredge-t620/fs?~ck= 
