
Emit Volatility and Rekall profiles

Open · K2 opened this issue 6 years ago • 1 comment

@volatilityfoundation Volatility requires code to be developed / written and requires the user to know the kernel version of the memory dumps being analyzed, see:

volatilityfoundation/volatility#493 volatilityfoundation/volatility#490 volatilityfoundation/volatility#489 volatilityfoundation/volatility#473 volatilityfoundation/volatility#451 volatilityfoundation/volatility#383

@Google Rekall is better; however, there exist problems due to the lack of support for PDB client tools on Linux or other platforms. And it still requires users to extract disk files or have them on hand or pre-generated.

google/rekall#305 google/rekall#228

The use of hard-coded profiles and names, or even extracting these profiles from disk binaries, places an excessive burden on users and inhibits automation (i.e. they require knowledge about the memory dump's version). The user of forensic analysis tools does not often perform the memory dumping and may have been provided a dump without that information; automating this process will streamline and reduce errors in these cases also.

As this information is technically not required, and considering that the release cycle of Windows is now quite frequent, supporting these tools seems like it would help a lot of people and robots get their jobs done without failure.

This will have the added side effect of expanding the existing capability of these tools considerably due to the expansive information included in the symbol information. Future versions may expand support for additional modules beyond what's required (essentially only NT! is needed for the purposes of Vola/Rekal).

K2 avatar Mar 04 '18 20:03 K2
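The automatic profile identification asked for above starts from the CodeView (RSDS) debug record that the Windows kernel image carries in memory: its GUID and age, together with the PDB file name, identify the exact build without the analyst knowing the kernel version. As an added example (not code from this issue or from either project), the following Python locates such records in a raw buffer and derives the symbol-server path used to fetch the matching PDB; the sample buffer and its GUID are constructed for this example, and the symbol-server base URL is assumed.

```python
import re
import struct
import uuid

# CodeView "RSDS" record as found in a PE debug directory:
# "RSDS" signature, 16-byte GUID (little-endian layout), 4-byte age,
# NUL-terminated PDB path.  The regex scans a raw buffer for that shape.
RSDS_RE = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,255})\x00", re.DOTALL)


def parse_rsds(blob: bytes):
    """Return a list of (guid, age, pdb_name) tuples found in blob."""
    hits = []
    for m in RSDS_RE.finditer(blob):
        guid = str(uuid.UUID(bytes_le=m.group(1))).upper()
        age = struct.unpack("<I", m.group(2))[0]
        name = m.group(3).decode("ascii", errors="replace")
        hits.append((guid, age, name))
    return hits


def symbol_server_path(guid, age, pdb_name,
                       base="https://msdl.microsoft.com/download/symbols"):
    """Build <base>/<pdb>/<GUID hex without dashes><AGE hex>/<pdb>."""
    pdb_name = pdb_name.rsplit("\\", 1)[-1]        # drop any build path prefix
    ident = guid.replace("-", "") + format(age, "X")
    return f"{base}/{pdb_name}/{ident}/{pdb_name}"


def build_record(guid, age, pdb_name):
    """Serialize an RSDS record; used here only to construct sample input."""
    return (b"RSDS" + uuid.UUID(guid).bytes_le + struct.pack("<I", age)
            + pdb_name.encode("ascii") + b"\x00")


# Constructed sample: an invented GUID/age embedded between junk bytes,
# standing in for a kernel image region carved from a memory dump.
SAMPLE_GUID = "01234567-89AB-CDEF-0123-456789ABCDEF"
SAMPLE = b"\x00" * 37 + build_record(SAMPLE_GUID, 2, "ntkrnlmp.pdb") + b"\xff" * 11

if __name__ == "__main__":
    for guid, age, name in parse_rsds(SAMPLE):
        print(name, guid, age, symbol_server_path(guid, age, name))
```

On a real dump the buffer would be the carved ntoskrnl image, and the resulting path is what a profile generator would fetch before converting the PDB to the tool's profile format.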

+1. I didn't realize running into issues like https://github.com/volatilityfoundation/volatility/issues/489 wasn't a technical limitation. If it's possible to run volatility and rekall without profiles everyone will benefit.

kosherpork avatar Mar 04 '18 20:03 kosherpork