Overcoming Challenges in the Cloud

Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.

Change your mindset: Investigators need to move away from their standard expectation of collecting all of the data in the case by removing the hard drive or collecting a device into evidence. In the cloud, you're not going to gather all-encompassing data from just one system because of all the remote locations where the data can be stored.

Be flexible: Investigating artifacts in the cloud will require a creative approach to data collection. You are likely to encounter new variables in every case due to differences in the systems and cloud providers.

From: Forensics in the Cloud podcast with Rob Lee for GovInfo Security