- stores a complete list of all commands entered by the user at the Unix command prompt
- Usually stored in users’ home directories
- Attacker may configure the length of the shell history file to be zero but may raise suspicion
- Careful attacker will remove unwanted lines from the history file via VI editor