<?xml version="1.0" encoding="UTF-8"?>
<record>
  <title>Research And Implementation of Computer Network User Behavior Forensics System based on System a Log</title>
  <journal>Journal of Information Security Research</journal>
  <author>Wen Zhe Lu</author>
  <volume>9</volume>
  <issue>1</issue>
  <year>2018</year>
  <doi></doi>
  <url>http://www.dline.info/jisr/fulltext/v9n1/jisrv9n1_3.pdf</url>
  <abstract>In recent years, many computer forensics theoretical methods have been developed to provide efficient means
to counter computer crimes. Computer evidence must be accurate and thorough. A design of architecture of a forensics system
is given in this design, and the log data is the key computer evidence to analyse. One of the key issues this paper tries to
resolve is the log-data integrity. In the system, CES algorithm is used to protect and verify the integrity of log data. Another
key issue is how to analyse the computer evidence accurately. A timestamp-based multi-characters log analysis method is
also discussed in this paper. This method is to realize and tag the relationship of time-line sequence which is a reasonable
way to identify the user's behaviour. The result comes out that the forensics technique will be more integrated and thorough.</abstract>
</record>
