In this article, the implementation of tracing file trajectory is described in details. The solution of the tracing system based on tracing file trajectory is also provided. Taking advantages of transparent encrypt, which is based on the windows file system filter driver, the file trajectory is tracing as follows: the file is unable to be accessed once the tracing file is taken out of the working security domain. Only when the file in the security domain and the process is secure at the same time, it can be accessed by the handler. The tracing system will record all information about the operations on the file, besides log of the submission to the server. According to the processes above, the file trajectory is tracing on time, and hence can put an end to the dangerous operations. It is convenient to analyze and audit the results.