The massive web logs to data mining and server data, access to the network forensics, based on the analysis of criminal evidence has great application value. Traditional data acquisition system, the main increase to filter network forensics data processing module, increase the accuracy of sampling system, there are long acquisition time, the problem of low efficiency. Based on weak association mining network forensics data acquisition system design method of the overall design description of network forensics data acquisition system and technical index analysis. And on this basis, the design is based on the data network forensics is feature extraction of weak association rules mining algorithm, and realize the network forensics accurate detection and data acquisition. On the embedded Linux platform for network forensics data acquisition system software development and system design. Experimental results show that the system of criminal evidence in web logs and server data to obtain evidence collection, its reliability is higher, forensics data acquisition precision is higher than the traditional method, shows a good application value.