Can you modify the Plaso extension to enable users to customise the command line used by Plaso?
Currently, the command is set to this. This is good as a default, but for those who are familiar with Plaso, there is better tuning that can be done, based on the type of investigation being conducted.
I want the ability to tune the command line used for the Plaso execution, as I don’t always want Plaso to run psteal.py. Additionally, I’d like to be able to tune the parsers used by Plaso or provide it with a filter file to speed up the time it takes Plaso to execute.
This could be done by providing a text field in the extension that allows for overriding the psteal.py command.