1 Introduction

The targeted attacks to aim to steal information from government and municipal offices and specific enterprises and individuals keep increasing every year, and the way of the attack is becoming clever more and more. In the targeted attacks the attacker obstinately attacks the target after investigating it enough beforehand and the risk that the malware (malicious and illegal codes) intrude into an internal network rises. Therefore, there is a pressing need for countermeasures predicted on malware intrusion. It is important to detect the attack activity as soon as possible and make a suitable response to suppress damage to the minimum before the attack extends. To achieve appropriate response, the authors developed the high-speed forensics technology that promptly analyzes the situation of damage after the attack had been detected. Up to now it had taken long time for the analysis of the security incident and accident, but it is able to do it by applying the high-speed forensic technology in a short time and take inclusive measures promptly before damage expands.