The use of cloud computing and cloud-based services has increased sharply in the past decade. Regardless of many advantages, the extensive use of the cloud has also created a large attack platform, frequently exploited by cybercriminals, requiring real-time, automated detection and competent forensics tools for investigations. Evidence identification so far has been limited to performance studies on datasets that were created a long time ago and are not specific to cloud environments. In this paper, we introduce a novel dataset for cloud-specific evidence detection. The dataset has two categories: the monitoring database and the evidence database. The monitoring database has 43 features and 9610 records, whereas the evidence database has 360 memory dump files of around 280 GB which contain memory dumps of benign virtual machines and a hostile virtual machine. The dataset will be an important resource for evidence identification research in the cloud environment. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.