Self-hosted cloud storage platforms like Nextcloud are gaining popularity among individuals and organizations seeking greater control over their data. However, this shift introduces new challenges for digital forensic investigations, particularly in systematically analyzing both client and server components. Despite Nextcloud's widespread use, it has received limited attention in forensic research. In this work, we critically examine existing cloud storage forensic frameworks and highlight their limitations. To address the gaps, we propose an extended forensic framework that incorporates device monitoring and leverages cloud APIs for structured, repeatable evidence acquisition. Using Nextcloud as a case study, we demonstrate how its native APIs can be used to reliably access forensic artifacts, and we introduce an open-source acquisition tool that implements this approach. Our framework equips investigators with a more flexible method for analyzing self-hosted cloud storage systems, and offers a foundation for further development in this evolving area of digital forensics.

翻译：自托管云存储平台（如Nextcloud）正日益受到寻求更高数据控制权的个人和组织的欢迎。然而，这一转变给数字取证调查带来了新的挑战，尤其是在系统分析客户端和服务器组件方面。尽管Nextcloud已被广泛使用，但它在取证研究领域受到的关注有限。在本研究中，我们批判性地审视了现有的云存储取证框架，并指出了它们的局限性。为填补这些空白，我们提出了一种扩展的取证框架，该框架整合了设备监控功能，并利用云API实现结构化、可重复的证据采集。以Nextcloud为案例研究，我们展示了如何利用其原生API可靠地访问取证痕迹，并介绍了一款实现此方法的开源采集工具。我们的框架为调查人员提供了一种更灵活的分析自托管云存储系统的方法，并为这一不断发展的数字取证领域的进一步研究奠定了基础。