THE DFIR BLOG

MacOS Forensics

Bash History File

4/5/2018

 
The Bash history file is very useful for investigation purposes.
Location: /Users/<username>/.bash_history
- It usually stores up to the last 500 Bash commands, but in a live response/collection you may get a little more.
  • It's a hidden file.
  • It is only created if the user uses the Terminal app.
  • By default there is no timestamp, but you can add one; see this post:
http://www.4n6world.com/blog/how-to-add-timestamp-to-bash-history-in-mac
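
An added example (not from the original post): a small Python parser for a collected .bash_history that handles both the default form with no timestamps and the timestamped form, where Bash writes a `#<epoch seconds>` line before each command once HISTTIMEFORMAT is set. The sample history and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# With HISTTIMEFORMAT set, Bash writes "#<epoch seconds>" on its own line
# before each command; without it the file is one command per line.
TS_LINE = re.compile(r"^#(\d{9,10})$")

# Constructed sample: two commands logged before timestamps were enabled,
# then three timestamped commands, the last one older than the one before it.
SAMPLE = """ls -la
cd /tmp
#1522886400
whoami
#1522886460
sudo nano /etc/hosts
#1522886300
history -c
"""

def parse_bash_history(text):
    """Return (utc_datetime_or_None, command) tuples in file order."""
    entries, pending_ts = [], None
    for line in text.splitlines():
        m = TS_LINE.match(line)
        if m:
            pending_ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            continue
        if not line.strip():
            continue  # skip blank lines
        entries.append((pending_ts, line))
        pending_ts = None  # a timestamp applies only to the next command
    return entries

def backwards_timestamps(entries):
    """Indexes of entries whose timestamp is earlier than the previous timestamped entry."""
    flagged, last = [], None
    for i, (ts, _cmd) in enumerate(entries):
        if ts is None:
            continue
        if last is not None and ts < last:
            flagged.append(i)
        last = ts
    return flagged

if __name__ == "__main__":
    parsed = parse_bash_history(SAMPLE)
    for ts, cmd in parsed:
        print(ts.isoformat() if ts else "no-timestamp", cmd, sep="\t")
    print("out-of-order entries:", backwards_timestamps(parsed))
```

Entries without a timestamp keep their file order only, so they should be reported as undated rather than assigned the time of a neighbouring command.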

