DFIR Blog
  • Infosec
    • Blog
    • CISSP
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • Contact

InvesTigations & Analysis

Bash History File

4/5/2018

 
Bash History file is very useful for investigation purposes. 
Location: /Users/<username>/.bash_history
- Usually it stores upto last 500 Bash Command but sometimes in live response/collection - you may get little more. 
  • It's a hidden file
  • It's only get created if user use Terminal App
  • By default - There is no timestamp but you can add one please see this post: 
http://www.4n6world.com/blog/how-to-add-timestamp-to-bash-history-in-mac


Comments are closed.

    Archives

    July 2019
    April 2018

    Categories

    All
    Plist

    RSS Feed

  • Infosec
    • Blog
    • CISSP
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • Contact