According to official Chinese media sources, the Green Dam Youth Escort (GDYE) software is intended to protect young citizens from viewing unhealthy information on the Internet. However, critics maintain that GDYE has serious security vulnerabilities that allow hackers to take control of computers installed with GDYE. Critics also claim that the software is designed to collect user data and keystrokes for transmission to remote servers for unknown purposes. GDYE was originally mandated to be pre-installed on every computer sold in the People's Republic of China. However, the plan was suddenly shelved in the face of intense international media attention. This paper evaluates the GDYE software's advertised functions and additional non-advertised capabilities. As the software may have spyware and malware functionality, the evaluation monitored the software behavior in a specialized controlled environment. The analysis was performed from a forensics perspective to collect digital evidence and traces in order to prove or disprove that GDYE captures and disseminates private information.