With the widespread use of computers, criminals have gained a new space and new methods for crime. Computer evidence therefore plays a key part in criminal cases. Traditional computer evidence searches require that the computer specialists know what is stored in the given computer. Binary-based information flow tracking, which concerns changes in control flow, is an effective way to analyze the behavior of a program. Existing systems ignore modifications of the data flow, which may also be malicious behavior. Function recognition is therefore introduced to improve information flow tracking. Function recognition is a helpful technique that recognizes function bodies in a software binary in order to analyze the binary code. That our experiments produced no false positives and no false negatives strongly proves that our approach is effective.