The invention relates to a method for analyzing and extracting the client side evidences of Emails. Currently, a complete method for analyzing and extracting the evidence of an Email client side is not developed. The method comprises the following steps: firstly, the data file of the Email client side is read, and evidence is taken from a specified Email client side program and a user account; analysis and pre-processing are carried out to the data file, and the data file of the Email client side is analyzed; group classification is performed according to the session content of the Emails; intelligent searching is performed through key words; content analysis is performed to the related mails and Email threads and the involved users; the final Email evidence obtaining report is generated for the user to browse. The invention has the advantages that the speed of operation is high, the sensitive key words input by an investigator, the Emails and the Email clues which are related to various derivations of the key words and the involved users can be searched and matched, and the read-only mode is adopted for the original evidence. Therefore, the field is not damaged.