Cloud forensics is the application of digital forensics. It works on scientific principles, practices, and methodologies for recognition of the events through identification, collection, preservation, examination, and reporting of digital evidence.
It is harder to identify evidence in cloud infrastructure since the data are located in different geographical areas.
The advancement of the latest technologies, frameworks, and tools enables the investigator to identify the evidence from trusted third parties, which is, the cloud service providers (CSP). There are various techniques in cloud forensics based on cloud service and deployment models. The customer doesn't have any control of the hardware and they have to depend on CSP for collecting the evidence in the Software as a Service (SaaS) and Platform as a Service (PaaS) models, whereas, customers can acquire the Virtual Machine (VM) image and logs within the case of Infrastructure as a Service (IaaS) model.
Cloud network forensics is necessary to block attackers who are trying to hack the cloud services and get notified when hackers are trying to gain access to your cloud infrastructure, platform, or service.