Network　forensics　is　a　security　infrastructure,　and　becomes　the　research　focus　of　forensic　investigation.　However　many　challenges　still　exist　in　conducting　network　forensics:　network　has　produced　large　amounts　of　data;　the　comprehensibility　of　evidence　extracting　from　collected　data;　the　efficiency　of　evidence　analysis　methods,　etc.　To　solve　these　problems,　in　this　paper　we　develop　a　network　intrusion　forensics　system　based　on　transductive　scheme　that　can　detect　and　analyze　efficiently　computer　crime　in　networked　environments,　and　extract　digital　evidence　automatically.　At　the　end　of　the　paper,　we　evaluate　our　method　on　a　series　of　experiments　on　KDD　Cup　1999　dataset.　The　results　demonstrate　that　our　methods　are　actually　effective　for　real-time　network　forensics,　and　can　provide　comprehensible　aid　for　a　forensic　expert.