AbstractThe current computer forensics approaches mainly focus on the network actions capture and analysis the evidences after attacks, which always result in the static methods. Inspired by the theory of artificial immune systems (AIS ), a novel model of Computer Forensics System is presented. The concepts and formal definitions of immune cells are given, and dynamically evaluative equations for self, antigen, immune tolerance, mature-lymphocyte lifecycle and immune memory are presented, and the hierarchical and distributed management framework of the proposed model are built. Furthermore, the idea of biology immunity is applied for enhancing the self-adapting and self-learning ability to adapt continuously variety environments. The experimental results show that the proposed model has the features of real-time processing, selfadaptively, thus providing a promising solution for computer forensics.