With the advent of the information age, some criminals always tend to query information from the Internet before they engaged in criminal activity. So the browser they used has become the key to the forensics of judicial authorities. Whether we can extract the effective evidence of crime depends on the forensics method of browser. This article introduces the forensics technology of Firefox and IE browser which are the current mainstream browsers, outlined the browser temporary file structure, such as the IE cache file and the SQLite database log files of the Firefox, proposed information recovery method. It can collect evidence and analyze the user's behavior by extract the information of the deleted log files or cache files.