Timeline output is currently in a SQLite file. The date column is a string in RFC 3339 while many tools expect it to be in `ISO 8601'. That said many tools don't recognize SQLite as input. Suggestion is to leave the current SQLite output as is since some users may be using its output for ingestion to other tools, and create new output file options for allowing ingestion into some of the common tools from wider used formats.
Timeline output is currently in a SQLite file. The date column is a string in
RFC 3339while many tools expect it to be in `ISO 8601'. That said many tools don't recognize SQLite as input. Suggestion is to leave the current SQLite output as is since some users may be using its output for ingestion to other tools, and create new output file options for allowing ingestion into some of the common tools from wider used formats.Tools and Formats
Timesketch with CSV
https://github.com/google/timesketch/blob/master/docs/guides/user/import-from-json-csv.md
TLN Format
https://windowsir.blogspot.com/2009/02/timeline-analysis-pt-iii.html
IEF (Axiom?) with TLN
https://docs.magnetforensics.com/docs/ief/html/Content/en-us/ief/View_Artifact_Activity_Graphically.htm