Network　intrusion　forensics　is　an　important　extension　to　present　security　infrastructure,　and　is　becoming　the　focus　of　forensics　research　field.　However,　comparison　with　sophisticated　multi-stage　attacks　and　volume　of　sensor　data,　current　practices　in　network　forensic　analysis　are　to　manually　examine,　an　error　prone,　labor-intensive　and　time　consuming　process.　To　solve　these　problems,　in　this　paper　we　propose　a　digital　evidence　fusion　method　for　network　forensics　with　Dempster-Shafer　theory　that　can　detect　efficiently　computer　crime　in　networked　environments,　and　fuse　digital　evidence　from　different　sources　such　as　hosts　and　sub-networks　automatically.　In　the　end,　we　evaluate　the　method　on　well-known　KDD　Cup　1999　dataset.　The　results　prove　our　method　is　very　effective　for　real-time　network　forensics,　and　can　provide　comprehensible　messages　for　a　forensic　investigators.