Now a day’s for authentication of system user can used login id and password as login pattern but it was not secure create pattern is one of the weak point of computer security as user will be share login pattern with the coworker’s for the complete one of the task and it will be valid attacker of system, As using intrusion detection systems and firewalls identify and isolate harmful behaviors generated from the outside world we can find out internal attacker of the system only. In some of the studied define examine that system calls generated by some commands and these command help to find detect accurate attacks. As using forensic technique and data mining at SC level HIDS, is help to detect internally attacks.  For the track the information of users usages the HIDS creates users’ personal profiles as their forensic features and investigate that the valid login user is account holder can login or not by comparing his/her current computer usage behaviors with the patterns collected in the account holder’s personal profile.