Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
Timestomping
Tripwires
Uninstalling Software
Virtualization
Windows System Time Modification
- ID: AF001.002
- Created: 25th May 2024
- Updated: 23rd October 2025
- Platforms: LinuxMacOS
- MITRE ATT&CK®: T1070.003T1070
- Contributor: The ITM Team
Clear Bash History
A subject clears bash terminal command history to prevent executed commands from being reviewed, disclosing information about the subject’s activities.
The Command Prompt on Windows only stores command history within the current session, once Command Prompt is closed, the history is lost.
On Linux-based operating systems different terminal software may store command history in various locations, with the most common being /home/%username%/.bash_history. Using the command history -c will clear the history for the current session, preventing it from being written to .bash_history when the session ends.
On MacOS the Terminal utility will write command history to /Users/%username%/.zsh_history or /Users/%username%/.bash_history based on the operating system version.
Preventions (1)
Detections (2)
MITRE ATT&CK® Mapping (2)
ATT&CK Enterprise Matrix Version 18.1