Self-hosted cloud storage platforms like Nextcloud are gaining popularity among individuals and organizations seeking greater control over their data. However, this shift introduces new challenges for digital forensic investigations, particularly in systematically analyzing both client and server components. Despite Nextcloud's widespread use, it has received limited attention in forensic research. In this work, we critically examine existing cloud storage forensic frameworks and highlight their limitations. To address the gaps, we propose an extended forensic framework that incorporates device monitoring and leverages cloud APIs for structured, repeatable evidence acquisition. Using Nextcloud as a case study, we demonstrate how its native APIs can be used to reliably access forensic artifacts, and we introduce an open-source acquisition tool that implements this approach. Our framework equips investigators with a more flexible method for analyzing self-hosted cloud storage systems, and offers a foundation for further development in this evolving area of digital forensics.

翻译：自托管云存储平台（如Nextcloud）在寻求更高数据控制权的个人与组织中日益普及。然而，这种转变给数字取证调查带来了新的挑战，尤其是在系统分析客户端与服务器组件方面。尽管Nextcloud已被广泛使用，但它在取证研究领域受到的关注有限。本研究批判性地审视了现有的云存储取证框架，并指出了其局限性。为弥补现有不足，我们提出一个扩展的取证框架，该框架整合了设备监控功能，并利用云API实现结构化、可重复的证据获取。以Nextcloud为案例，我们演示了如何利用其原生API可靠地访问取证痕迹，并介绍了一款实现此方法的开源采集工具。该框架为调查人员提供了更灵活的自托管云存储系统分析方法，并为这一不断发展的数字取证领域的后续研究奠定了基础。