New tool: convert-ts-bash-history.py, (Fri, Sep 26th)

SANS Internet Storm Center, InfoCON: green 2025-09-26

Summary:

In SANS FOR577[1], we talk about timelines on day 5, both filesystem and super-timelines. But sometimes, I want something quick and dirty and rather than fire up plaso, just to create a timeline of .bash_history data, it is nice to just be able to parse them and, if timestamps are enabled, see them in a human-readable form. I've had some students in class write scripts to do this and even had one promise to share it with me after class, but I never ended up getting it so I decided to write my own. This script takes the path to 1 or more .bash_history files and returns a PSV (pipe separated values) list (on stdout) in the form: || where the is in ISO-8601 format (the one true date time format, but only to 1 sec resolution since that is the best that the .bash_history file will give us). In a future version I will probably offer an option to change from PSV to CSV.

Link:

https://isc.sans.edu/diary/rss/32324

From feeds:

Intel Hub » T01 - SANS Internet Storm Center, InfoCON: green

Tags:

Date tagged:

09/26/2025, 21:07

Date published:

09/26/2025, 18:26