Apr 082013

The Digital Forensic Investigation Research Laboratory conducts a lot of research on Cloud environments. However, Cloud environments can sometimes be cumbersome to create and configure, taking time away from testing and research. In order to streamline this process, DigitalFIRE has created a virtualised Cloud environment for Cloud security and investigation researchers. By virtualising Cloud components, this allows researchers to delete, change, prod and generally abuse the Cloud as much as they like while allowing the system to be easily reset. A description of the system as well as information about downloading and using the environment can be found below.

“OpenStack is an Infrastructure as a Service (IaaS) cloud computing project that is free open source software released under the terms of the Apache License” – Wikipedia

The Openstack project provides us with a cloud computing system. It’s an open source project, which is perfect for the more under-the-hood inclined user. If you are looking to work with Openstack, ready your hardware (you’ll need a few spare machines), head over to openstack.org, download and install it.

139 pages of install documentation later, if you managed to follow the instructions precisely, you’ll have an Openstack system.

This is where our research might help you. We’ve created a minimal Openstack system as an OVA (VirtualBox) virtual appliance. Currently, our appliance has two virtual machines “node1” and “node2”, a very minimal Openstack system, but it provides the required Openstack functionality for testing and research purposes.

What is provided in this Openstack installation?



Swift runs on node2 ( and the rest of the Openstack services are running on node1 ( To get you up and running quicker, we’ve added a CirrOS tiny cloud guest image so you can spin up VMs immediately after you install our appliance.

How do I use it?

  1. Download the DigitalFire Openstack OVA appliance. (1GB OVA file)
  2. Install Virtualbox on your OS. http://www.virtualbox.org/manual/ch01.html#intro-installing
  3. Make sure a host only network (ip:, DHCP off) exists. More info at http://www.virtualbox.org/manual/ch06.html#network_hostonly
  4. Import the appliance into your hypervisor. (Using Virtualbox, File->Import Appliance). Visit http://www.virtualbox.org/manual/ch01.html for more detailed instructions.
  5. Start the VMs node1 and node2.
  6. Wait about 30 seconds for the nodes to come up.

You now have a working Openstack system. Access the dashboard via your browser at to begin using your cloud.

Installing Openstack from scratch is quite informative and gives you a good overview of the inner workings, however our appliance will allow you to get started with Openstack very quickly.

Installing a new image for use in Openstack

We’ve added a CirrOS image (very small linux) to our virtual Openstack system. However, If you want to add a new VM image to your Openstack you can. Just follow the steps below:

1. Download an image (quantal-server-cloudimg-i386-disk1.img from http://uec-images.ubuntu.com/ for example).

2. SSH into node1:

Set up our credentials for keystone, on a terminal in root’s home directory:

$ source openrc

Add our new image to Glance, using the Glance CLI:

$ glance image-create –name=ubuntu –disk-format=qcow2 –container-format=bare  < /home/root/quantal-server-cloudimg-i386-disk1.img

3. On Dashboard:

Create a keypair. (Project Tab -> Access & Security -> Keypairs -> Create Keypair)

Your new instance based on the new image with keypair is ready for use.(download .pem file)

In Windows you might want to puttygen -> load .pem -> save private key -> .ppk file

SSH to the new instance (with the .ppk file as auth)


Make sure you have a Host-Only VNIC installed on your host system with the following configuration:

IPv4 address: (the last octet is changable, but make sure to leave 100-200 of the last octet available to the openstack system as floating ip address, node addresses etc)

The virtual machines have a NAT connection to the host system, allowing for a guest VM internet connection. You can remove these from the virtual machines if you wish.  They are adapter 2 on each virtual machine.

This Openstack installation is configured for openness and ease of use, many network ports are open, security groups are quite relaxed and all the passwords are very weak. Bottom line, the installation is geared for testing/research purposes.

You’ll need at least 4GB of RAM (more would be a lot better) and a CPU supporting VT-x  in your host system.

Credentials (username/password):

  • Dashboard Admin (admin/password)
  • Dashboard Demo user (lee/lee)
  • Node1 login ( (root/lee)
  • Mysql server on Node1 (root/root)
  • Node2 login ( (root/lee)
  • Cirros image (cirros/cubswin:))

UPDATE: The latest version of Virtualbox has broken OVA importing. A (horrible) workaround is to import the OVA in an older version of Virtualbox and then upgrade!


[suffusion-the-author display='description']

  4 Responses to “DigitalFIRE Virtual Cloud Environment”

  1. I am currently a MSc student at Universty of East London UK (School of ACE). 

    I am conducting research in the area of Cloud forensics of IaaS. 

    I shall be grateful if I will be allowed to use your OVI appliance for my research experiments. Also if you coukd confirm to me the system requirements and configuration for implementing OVI 

    My alternative email is 

     Kind regards 

    Oscar Osigbesan

    • Hello Oscar, you are most welcome to use it. This what our virtual cloud environment had been created for.

  2. Greetings Sir,

    Thank you so much for the valuable resources related to cloud forensics.

    I am pursuing my Research on “cloud forensics for IAAS cloud environment” deployment models, and trying to identify the issues/difficulty/requirement of forensics support for the IAAS cloud.

    Aslo with respect to the challenges of, adopting prolog forensics versus Machine learning techniques to provide better solution strategy on IAAS cloud forensics issues/difficulty/requirement.

    So, i am in need of your expertise guidance, to knew, how the cloud forensics for IAAS relevant till with industry adaptions and need more insights from you Sir.

    Thanking you,


 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>