In view of the shortages of some dynamic forensics model at present, this paper designs a dynamic forensics system in distributed network forensics model based on Windows platform, which can realize obtaining evidence on the computers that plays a dual role on the network as crime goals and crime tools, and have the characteristic of real-time accessing various data sources, forensics process secretive, forensic analysis algorithm extensible etc. This paper introduces the designing of each function module in the dynamic forensics system at first. Second, it lays out the key technology that appears in the design process of the system. Finally, simulation test indicates that the system can realize dynamic forensics in Windows network.