Anti-Forensics
Account Misuse
Browser or System Proxy Configuration
Clear Browser Artifacts
Clear Operating System Logs
Decrease Privileges
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Tampering
Modify Windows Registry
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Steganography
System Shutdown
Timestomping
Tripwires
Uninstalling Software
Virtualization
Windows System Time Modification
- ID: AF001.003
- Created: 14th July 2025
- Updated: 14th July 2025
- Platform: Linux
- Contributor: The ITM Team
PYTHONHISTORY Environment Variable Null
A subject modifies the PYTHONHISTORY system environment variable used to designate the .python_history file location to equal /dev/null, resulting in it not being written to disk, denying access to this artifact for investigators.
This can be achieved on a per-session basis using the command PYTHONHISTORY=/dev/null python, or permanently by modifying a shell configuration file (such as ~/.bashrc or ~/.zshrc) to include the line export PYTHONHISTORY=/dev/null.