# Powershell History A lot of information can be gathered from the series of commands that were executed on a system. By default Windows Powershell history is limited, however enterprises enable this feature to log more information to analyse systems for threats. There are 2 types of logging mechanisms - Powershell Transcription and Powershell Script Block Logging. Transcription - The information is stored in transcript files that are often stored in the user's home directory or even in a centralized directory for all users. Script Block Logging - It records commands and blocks of script code as events while executing. This is more detailed logging as the code is also recorded. Here are some of the commands that can be used to gather info on past commands, ``` Get-History ``` Though the history can be cleared using the 'Clear-History' command, the commands recorded in 'PSReadline' is not erased. It can be retrieved using the following command, ``` #The storage path of the file can be retrieved using the following command, (Get-PSReadlineOption).HistorySavePath ``` The file can be read using the 'type' command. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.particle42.com/windows/enumeration/powershell-history.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.