Today, straightforward computer and network forensics techniques cannon satisfactory performance for cloud forensics in conventional cloud based systems. The complexity of cloud computing as well as crime incident reconstruction, cloud instance isolation, and data provenance, is the reason behind this. This study aims is to support investigators and Cloud Service Providers (CSP) in understanding how to accomplish cyber forensic investigations in the cloud environment. In this research, a digital investigation procedure is recommended for use in analyzing large volumes of cloud data logs to support the reconstruction of criminal events' timelines in the cloud instance. A forensic framework is suggested and implemented using Apache Spark to perform the analysis process of log data. As such, data from cloud based committed during a particular time can be analyzed and extracted to help digital investigators in their investigations. The framework was also evaluated interactively using custom-built scenarios.