In this technological world one of the general method for user to save their data is cloud. Most of the cloud storage company provides some storage space as free to its users. Both individuals and corporate are storing their files in the cloud infrastructure so it becomes a problem for a forensics analyst to perform evidence acquisition and examination. One reason that makes evidence acquisition more difficult is user data always saved in remote computer on cloud. Various cloud companies available in the market serving storage as one of their services and everyone delivering different kinds of features and facilities in the storage technology. One area of difficulty is the acquisition of evidential data associated to a cybercrime stored in a different cloud company service. Due to lack of understanding about the location of evidence data regarding which place it is saved could also affect an analytical process and it take a long time to speak with all cloud service companies to find whether data is saved within their cloud. By analyzing two cloud service companies (IDrive and Mega cloud drive) this study elaborates the various steps involved in the activity of obtaining evidence on a user account through a browser and then via cloud software application on a Windows 7 machine. This paper will detail findings for both the Mega cloud drive and IDrive client software, to find the different evidence that IDrive and the mega cloud drive leaves behind on a user computer. By establishing the artifacts on a user machine will give an overall idea regarding kind of evidence residue in user computer for investigators. Key evidences discovered on this investigation comprises of RAM memory captures, registry files application logs, file time and date values and browser artifacts are acquired from these two cloud companies on a user windows machine.