Module bash_history

Bash command history extraction from memory byte slices.

For memory-forensic purposes we use string-extraction heuristics: scan for printable ASCII lines that look like shell commands. This is medium-agnostic — the caller provides raw bytes extracted from a process heap, a swap fragment, or a hibernation image.
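A sketch of the heuristic described above, added here as an illustration; it is not this crate's code. `Candidate`, `extract_candidates`, `looks_like_command`, the `KNOWN` allowlist and the sample buffer are all hypothetical names and constructed data.

```rust
// Added illustration: names and heuristics are hypothetical, not this crate's API.
#[derive(Debug, PartialEq)]
pub struct Candidate {
    pub offset: usize, // start of the printable run in the input buffer
    pub command: String,
}

// Assumed allowlist of first tokens; a real tool would use a much larger set.
const KNOWN: &[&str] = &["ls", "cd", "cat", "sudo", "ssh", "scp", "curl", "wget", "chmod", "rm"];

// Constructed sample: binary noise around three commands and one non-command string.
const SAMPLE: &[u8] = b"\x00\x01\x7fELF\x00sudo systemctl restart sshd\x00\xff\xfehello world!\x00curl -O http://example.invalid/a.sh\n./a.sh --install\x00xy";

fn is_printable(b: u8) -> bool {
    (0x20u8..=0x7e).contains(&b) || b == b'\t'
}

fn looks_like_command(line: &str) -> bool {
    match line.split_whitespace().next() {
        // Known binary name, or an explicit path such as ./run.sh or /usr/bin/id.
        Some(t) => KNOWN.contains(&t) || t.starts_with("./") || (t.len() > 1 && t.starts_with('/')),
        None => false,
    }
}

pub fn extract_candidates(bytes: &[u8], min_len: usize) -> Vec<Candidate> {
    let mut out = Vec::new();
    let mut start = 0;
    // Run one index past the end so a trailing run is flushed too.
    for i in 0..=bytes.len() {
        if i < bytes.len() && is_printable(bytes[i]) {
            continue;
        }
        let run = &bytes[start..i];
        if run.len() >= min_len {
            let text = String::from_utf8_lossy(run).trim().to_string();
            if looks_like_command(&text) {
                out.push(Candidate { offset: start, command: text });
            }
        }
        start = i + 1;
    }
    out
}

fn main() {
    for c in extract_candidates(SAMPLE, 4) {
        println!("{:#08x}  {}", c.offset, c.command);
    }
}
```

Keeping the byte offset lets an analyst tie each hit back to its location in the dump. Absolute paths stored in memory also pass the path check, so hits are leads to corroborate, not confirmed history.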

Structs

BashHistoryEntry
A single bash command history entry recovered from memory.

Functions

classify_bash_command
Classify a bash command string for forensic significance.
extract_bash_history_from_bytes
Extracts bash command history strings from a raw byte slice.