A software-based security agent that hooks into the operating system of a computer device in order to continuously audit the behavior and conduct of the end user of the computer device. The detected actions of the end user can be stored in a queue or log file that can be continuously monitored to detect patterns of behavior that may constitute a policy violation and/or security risk. When a pattern of behavior that may constitute a policy violation and/or security risk is detected, an event may be triggered. A frequency vector string matching algorithm also is disclosed. The frequency vector string matching algorithm may be used to detect the presence or partial presence of subject strings within a target string of alphanumeric characters. The frequency vector string matching algorithm could be used to detect typos in stored computer records or to search for records based on partial information. In addition, the frequency vector string matching algorithm could be used to search communications for sensitive information that has been manipulated, obscured, or partially elided. In addition, an anomaly analysis is disclosed for comparing behavior patterns of one user against the behavior patterns of other users to detect anomalous behaviors.