Abstract: To improve the algorithm complexity and the accuracy of reproduced scene, a new method for the evidence fusion of the network forensics on the hidden Markov models (HMM) is proposed. The feasibility of this method is expounded. By taking the sequence of the meta-evidence as the random observation sequence, and the network intrusion step as the random state sequence, the most likely network intrusion step is inferred by the decoding operation aimed at the sequence of the meta-evidence and the chain of the evidence is backtracked accordingly. When they are applied in the same problem, the algorithm complexity and the anti-interference ability of the proposed method are dramatically modified compared with the method of Bayesian network. Therefore, the proposed method has a good ability in the cost to reproduce the scene of the crime.