Computer forensics investigates crimes on digital devices hard disk and any other digital storage devices to determine the evidence of any unauthorized access. Essentially, forensic investigators conduct forensic analysis with the help of different approaches (Static and Dynamic) and also tools like ProDiscover, Encase, Accessdata FTK and Autopsy to guarantee the security of a system in an organization. The process requires knowledge of different registry, laws, and regulations related to computer crimes, the operating system (Windows, Linux, etc.) and the network in an organization (e.g., Win NT). In this paper we will use different forensic tools to extract forensic evidence from a windows environment.