plaso
Overview
Usage
# Generates a plaso database, parsing all artefacts available.
log2timeline.py --storage-file <OUTPUT_PLASO_DB> <EVIDENCE_FILE | EVIDENCE_FOLDER>
# Generates a plaso database through Docker, parsing all artefacts available.
docker run -v <HOST_SHARED_FOLDER>:<CONTAINER_SHARED_FOLDER> log2timeline/plaso log2timeline --storage-file <CONTAINER_SHARED_FOLDER>/<OUTPUT_PLASO_DB> <CONTAINER_SHARED_FOLDER>/<EVIDENCE_FILE | EVIDENCE_FOLDER>
# Lists the available parsers and parser presets.
log2timeline.py --parsers list
# Generates a plaso database, using all parsers except the filestat parser (useful for triaged data parsing).
log2timeline.py --parsers '!filestat' --storage-file <OUTPUT_PLASO_DB> <EVIDENCE_FILE | EVIDENCE_FOLDER>
# Shows summary information about an existing plaso database (source, parsers used, event counters, warnings).
pinfo.py <OUTPUT_PLASO_DB>
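The commands above chained into one triage script, as an added example that is not part of the original page or of the plaso project. It assumes log2timeline.py, pinfo.py and psort.py are on PATH; psort.py (plaso's export tool, run here with the l2tcsv output format) is not shown on the page and is this example's addition. PLASO_DRY_RUN is an assumed variable of this script, not a plaso option: set it to 1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the page's or plaso's own code.
# Triage workflow: parse evidence with every parser except filestat,
# summarise the resulting database, then export it to CSV for review.

# Run a command, or just print it when PLASO_DRY_RUN=1 (assumed variable).
run() {
    if [ "${PLASO_DRY_RUN:-0}" = "1" ]; then
        printf '%s ' "$@"
        printf '\n'
    else
        "$@"
    fi
}

# Argument list for a triage run. Excluding filestat keeps the timestamps
# of the collected files themselves out of the timeline. Printed one per
# line so the quoting of '!filestat' can be checked before a long run.
plaso_triage_args() {
    storage="$1"
    evidence="$2"
    printf '%s\n' --parsers '!filestat' --storage-file "$storage" "$evidence"
}

# plaso_triage <OUTPUT_PLASO_DB> <EVIDENCE_FILE | EVIDENCE_FOLDER> <OUTPUT_CSV>
# Returns non-zero if the evidence path is missing or any step fails.
plaso_triage() {
    storage="$1"
    evidence="$2"
    csv="$3"
    if [ ! -e "$evidence" ]; then
        echo "evidence not found: $evidence" >&2
        return 1
    fi
    # 1. parse (all parsers except filestat)
    run log2timeline.py --parsers '!filestat' --storage-file "$storage" "$evidence" || return 1
    # 2. sanity-check the database: parsers used, event counters, warnings
    run pinfo.py "$storage" || return 1
    # 3. export a sorted l2tcsv timeline (psort.py is assumed, not on the page)
    run psort.py -o l2tcsv -w "$csv" "$storage"
}

# Usage (dry run so nothing is executed):
#   PLASO_DRY_RUN=1 plaso_triage /cases/c1/c1.plaso /cases/c1/evidence /cases/c1/c1.csv
```

Run it for real by leaving PLASO_DRY_RUN unset; the three steps stop at the first failure, so a broken log2timeline.py run never produces a misleading empty CSV.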