The invention discloses a digital evidence obtaining system based on a Linux environment. The system is composed of a host operation trace investigation module, a network operation trace investigation module, a log information investigation module, a memory information investigation module and an evidence fixing module. The host operation trace investigation module comprises a basic operation investigation function and an application information investigation function. The network operation trace investigation module comprises the basic operation investigation function, a network cache investigation function and a network application state investigation function. The log information investigation module comprises a log file analysis and storage function and a keyword search module. The memory information investigation module dumps a memory through adoption of an fmem tool and realizes memory information investigation through combination of a system tool. The evidence fixing module carries out hash processing on an original evidence file and a processed database file. According to the system, workloads of an evidence obtaining investigator are effectively reduced, concepts of evidence obtaining tool engineering and evidence fixing are introduced, and an evidence obtainer is prevented from illegally modifying an evidence file.