In　this　article,　we　propose　a　novel　method　that　uses　vulnerability　evidence　reasoning　in　network　forensics　analysis.　Central　to　our　method　is　the　evidence　graph　model　to　support　evidence　presentation　and　reasoning.　Based　on　the　evidence　graph,　we　propose　a　network　forensics　method　that　built　the　evidence　graph　on　the　basis　of　the　network　system　vulnerabilities　and　environmental　information.　At　the　same　time,　the　proposed　method　can　realize　the　reconstruction　of　attack　scenarios　with　high　efficiency　and　with　the　capability　of　identifying　multi-staged　at-tacks　through　evidence　reasoning.　Results　of　the　experiment　that　we　conducted　would　show　that　the　proposed　method　is　complete　and　credible　with　certain　reasoning　ability,　which　can　be　a　powerful　tool　for　rapid　and　effective　network　forensic　analysis.