Is it possible to run the plaso module and export those results as a csv, as if you ran plaso and log2timeline?
If you run the Plaso ingest module then you are half way to what you want. After the Plaso module has been run the Plaso storage file will be in the the following directory //ModuleOutput/Plaso/<Date/time of Run>. The storage file is named plaso and to get a CSV file from it you just need to run psort against it. If you do not have psort installed on your system then you can get it from your Autopsy install, it is located in C:\ Program Files<Autopsy-\autopsy\plaso<version>\psort.exe. The command to run to create the CSV file is psort -o l2tcsv -w .
Hope this helps.
Mark
Awesome Mark, will try it out, that helps a lot! Hoping there will be a feature in Autopsy sometime in the future to automate this and limit by date parameters…
Some of the Plaso data is imported into Autopsy and part of the timeline feature of Autopsy so you can try and see if that meets your needs.