Expand description
PowerShell PSReadLine history (ConsoleHost_history.txt).
Plain one-command-per-line with no timestamps (Microsoft about_PSReadLine). A command spanning multiple lines ends each non-final physical line with a trailing backtick (PowerShell’s line-continuation char); the reader rejoins them. A leading UTF-8 BOM is stripped if present.
Note for the analyzer: PSReadLine refuses to persist lines containing
password/token/secret/apikey/asplaintext, so the absence of a
credential command here is not evidence it was never run — a coverage caveat,
never a negative finding.
Functions§
- parse
- Parse PSReadLine history bytes into entries (all timestamps
None).