10.1 Introduction

As cloud technologies have emerged in recent years, cloud storage and computing have greatly enhanced everyone's work productivity and life quality in many ways. These technologies allow reliable, scalable, flexible, and cost‐effective data storage and data processing through using networked systems and databases, virtual environments, and a set of cloud management and operational methods. Nonetheless, the ubiquitous applications of the Cloud provide potential opportunities for cybercriminals to hack into organizational and personal cloud environments and acquire sensitive and private data. The ever‐increasing number and scale of such cyber and cloud attacks has drawn the attention of digital forensic investigators.

Traditional digital forensic investigation approaches and processes focus on the acquisition of potential digital evidence from traditional data storage devices, such as hard drives, solid state drives (SSDs), computer memory, and external storage, such as Universal Serial Bus (USB) memory keys and Secure Digital (SD) cards. Due to the distributed nature of data storage and processing in cloud computing, some of these traditional acquisition techniques have proven to be no ...