Add artifacts for Powershell command history and logs

[sa3eed3ed]

Some of the interesting artifacts (availability may depend on PS version and configurations):

• Powershell Command History
  %%users.userprofile%%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

• PowerShell Transcript: For PowerShell versions 2, 3, 4 & 5
  If configured, records transcript of everything entered during a PowerShell session + command output
  Default Path: %%users.homedir%%\My Documents\PowerShell_transcript..txt

• Script Block logging
  Microsoft-WindowsPowerShell%4Operational.evtx
  Event number: 4103, 4104
  Logs suspicious scripts by default in PS v5

• Authenticating User
  Microsoft-WindowsPowerShell%4Operational.evtx
  53504

• Local initiation of powershell
  Microsoft-WindowsPowerShell%4Operational.evtx
  40961, 40962