Essay / Methods in the IT Environment Cloud - 758
ISO/IEC 27037 deals with the handling of digital evidence, and its processes relate to the traditional digital environment. With the development of the cloud, however, the scenario has changed considerably. Cloud computing poses new challenges for investigators. These challenges include issues such as servers virtualized across multiple locations and reliance on the cloud service provider (CSP) for log access.

The document “Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing”, provided by the Incident Management and Forensics working group of the Cloud Security Alliance, an organization dedicated to developing and improving the cloud, attempted to address issues related to how to manage evidence in a cloud environment. It also tried to explain how ISO/IEC 27037 can be used effectively in a cloud environment. Using this paper, I tried to explain how to mitigate the impact of the cloud on computer forensics. So, with reference to this paper, I have tried to explain the identification, collection, acquisition and preservation of evidence from the cloud environment.

ISO 27037 mentions four steps for the purpose of collecting and analyzing evidence: identification, collection, acquisition and preservation. Here we will discuss all of these methods in the cloud computing environment [21].

5.1.1 Identification

Identifying objects that can be used as potential evidence is the first step of the investigation. In a standard environment, it is very easy to identify any device or object that can be used as evidence. In the case of the cloud, it is not so simple, and the document suggests a solution to this problem. The documents or devices that can be identified as potential evidence vary depending on the service layer, because the cloud provides three types of services: SaaS, PaaS and IaaS.
Thus, for each of these service layers, the identification of evidence and of the sources that can be used as evidence will be different. In the Software as a Service (SaaS) layer, the following elements can be identified as evidence:

• Application data logs
• Session logs
• IP addresses
• Activity logs

All of those mentioned above can be used as potential evidence for investigative purposes. Application logs store information about the activity performed by these applications, who used the application, and so on. Session logs store information relating to the time the session was created and ended. The user's IP address can be used as evidence, as it will tell us who the user was and from where the service was used.
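The following Python sketch is an added example, not part of the essay or of the Cloud Security Alliance paper. It shows how the SaaS sources listed above can be tied together during identification: application log events are attributed to a user and source IP through the session log, and events that cannot be attributed are kept and documented. The record layout, field names and sample values are constructed assumptions, not a real CSP export format.

```python
from datetime import datetime

# Constructed sample records; field names are assumptions, not a real CSP export format.
SESSION_LOG = [
    {"session": "s-101", "user": "alice", "ip": "198.51.100.7",
     "start": "2024-03-01T09:00:00", "end": "2024-03-01T09:30:00"},
    {"session": "s-102", "user": "bob", "ip": "203.0.113.20",
     "start": "2024-03-01T10:00:00", "end": "2024-03-01T10:15:00"},
]
APPLICATION_LOG = [
    {"time": "2024-03-01T09:05:12", "session": "s-101", "action": "export_report"},
    {"time": "2024-03-01T10:02:40", "session": "s-102", "action": "delete_record"},
    {"time": "2024-03-01T10:40:00", "session": "s-102", "action": "download_file"},
    {"time": "2024-03-01T11:00:00", "session": "s-999", "action": "view_page"},
]

def identify_evidence(sessions, app_events):
    """Attribute each application event to a user and source IP via its session."""
    by_id = {s["session"]: s for s in sessions}
    attributed, unattributed = [], []
    for ev in app_events:
        s = by_id.get(ev["session"])
        if s is None:
            # Gap in the provider-supplied logs: record it instead of dropping it.
            unattributed.append({**ev, "reason": "no session record"})
            continue
        start, end = (datetime.fromisoformat(s[k]) for k in ("start", "end"))
        if start <= datetime.fromisoformat(ev["time"]) <= end:
            attributed.append({**ev, "user": s["user"], "ip": s["ip"]})
        else:
            unattributed.append({**ev, "reason": "outside session window"})
    return attributed, unattributed

def actions_by_ip(attributed):
    """Group attributed actions by source IP: who acted, and from where."""
    grouped = {}
    for ev in attributed:
        grouped.setdefault(ev["ip"], []).append((ev["user"], ev["action"]))
    return grouped

if __name__ == "__main__":
    found, gaps = identify_evidence(SESSION_LOG, APPLICATION_LOG)
    for ip, actions in actions_by_ip(found).items():
        print(ip, actions)
    for ev in gaps:
        print("unattributed:", ev["time"], ev["action"], "-", ev["reason"])
```

Events listed as unattributed mark places where additional log sources would have to be requested from the provider before the activity can be tied to a user.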