Abstract:
To overcome the high latency and low accuracy of traditional evidence collection methods, we introduce a dynamic collection mechanism that takes advantage of the rapid-response, slow-recovery characteristic of a window function. We design a comprehensive evidence collection system that combines an evidence indicator, fluctuation evaluation, and a dynamic evidence window to rapidly follow changes in the network. Through mathematical deduction and experimental testing, we verify the validity, accuracy and effectiveness of the system.