Recently, malware that leaks personal data, credit information, financial information, and the like has been increasing. Secondary damage, such as the illegal use of stolen names and financial fraud, is also increasing rapidly. However, when a system is infected by information-leaking malware, the existing malware evidence collection modules do not provide evidence conveniently, and sometimes cannot provide the necessary evidence at all. As a result, security officials have great difficulty responding to malware. This paper analyzes the current status and problems of the existing evidence collection modules and suggests new ways to address those problems.