If you do any kind of information digging or intelligence processing (and you most definitely should), then you may have wondered if there are tools out there to make things a bit easier, whether that be software that collates the info, organizes it, or helps you make decisions based upon the information.
The short answer is yes…and no. There’s no substitute for the critical thought process that you need to employ in order to turn raw information into actionable intelligence, and yet there are tools out there that can make the various phases of collection and assessment more efficient. Efficiency is a big deal during the intelligence process; wasted action is wasted time, and you don’t always have the luxury of wasting time. It’s important that you understand both the intelligence process and how to best leverage it to gain the maximum effectiveness out of the most efficiently performed steps.
One of the collection tools out there is Buscador. It’s actually not one tool, but an entire virtual machine designed to assist with online investigations. Whether you’re digging into someone’s background (or present), following a money trail around to expose corrupt lawmakers, looking for a specific piece of information, or a hundred other things, Buscador is meant to help you do that.
First, a bit of self-selection.
- If you use the word “vetting” to describe checking a social media timeline and doing a quick background check…
- If you use the word “intel” to refer to pieces of gossip you heard from so-and-so…
- If you typically ignore learning about intelligence because you don’t think it’s a necessary skill…
- If you think there is absolutely no possible way any of the guys in your activism group could be an opposition infiltrator, unsavory character, or federal agent…
…then you have a choice to make. Do you go through Door #1 and risk learning that you’re wrong while making an effort to fix that? Or do you sit down right where you’re at and refuse to go any further?
If the above somehow offended or angered you, that’s your answer. For the rest of you, read on.
What is Buscador?
Buscador Investigative OS is a virtual machine with a lot of collection tools installed in it. If you’re not familiar with virtual machines, you can read more here; in the meantime, just think of a VM as kind of like a computer within your computer. Buscador is somewhat like a second computer, with a whole bunch of awesome tools, that runs on your existing computer, and unless you specifically set it up to talk to your existing system, it’s compartmentalized so that anything you’ve done within it stays there. It’s like having a Vegas area in your computer, except it’s not going to get drunk again later and bring up the secret stuff you did there like your friends do.
Note: You should, if at all possible, have Buscador on a bootable flash drive that you can plug in and work from anywhere, such as a library not near your home, an internet cafe that isn’t one of your normal haunts, etc. If that’s not possible, at least take the minimum precautions for such work, such as running a VPN, having a dedicated ThinkPad, etc.
If you’re not currently set up to run a virtual machine — and if you have to wonder, then you aren’t — go to VirtualBox and download their free program. That will give you the framework you need in order to run Buscador.
The OS was designed by David Westcott and Michael Bazzell. You might recognize Bazzell’s name; he’s written several books on open source intelligence, personal privacy, and more. Bazzell spent 10 years assigned to the FBI’s Cyber Crimes Task Force, and is now a tech advisor on the show Mr. Robot.
Before I go further, I’ll answer the obvious question: Is Bazzell’s background in law enforcement a reason to not trust his OS? Well, there’s always a risk in every single electronic tool that exists. There’s a reason I said use a bootable flash drive that you can plug into places that are not your systems and your known locations. Everything is a trade to some extent; for some people, using it at home will be no big deal. For others, it could be a life or death situation. Use your judgment when deciding how much risk to accept, and for what. That’s a good thing to consider during your critical information analysis, by the way; if you’re so inclined, it might also be a good reason to learn how to assess Linux distros. I personally use the OS on a bootable flash drive, only in a refurbished Lenovo ThinkPad with no hard drive, that is dedicated to running Buscador.
The first thing you’ll notice about Buscador is that it’s clean and well-organized. Everything is in its place, and the various tools are easy to find. I’ve seen so-called “custom” operating systems that are nothing of the sort, including a few that claim to be all about privacy while miraculously turning on Bluetooth, NFC, and every other phone-home capability. What’s nice here is that by default, it’s compartmentalized as a virtual machine.
Buscador runs custom versions of Firefox, Chrome, and Tor as well. Here’s a list of the add-ons the version of Firefox is running:
- Bulk Media Downloader
- Copy All Links
- Exif Viewer
- Google Translator for Firefox
- HTTPS Everywhere
- Image Search Options
- Nimbus ScreenCapture
- Resurrect Pages
- uBlock Origin
- User-Agent Switcher
- Video DownloadHelper
You can check out each of those tools on your own; you might be familiar with many of them, but there are a few extra things here, like Resurrect Pages, that are pretty useful.
Buscador has a number of other tools already installed that can jumpstart your collection activities, such as Maltego CE. If I could choose one tool and one tool only for tracking networks, groups, people, and keeping track of an incredible amount of information while also being able to find and exploit links between people and entities, it’d be this one.
Other tools include:
- video acquisition and manipulation
- penetration testing
- harvesting data from websites, such as IP addresses, hidden email addresses, entire copies of the sites, copies of all backend files, and much more
- photo EXIF data tools
- IMINT tools
- password tools
- social media tools that will pull every photo or piece of data from a profile
The list is pretty extensive. If you’re familiar with Kali Linux then you’ve probably seen some of these tools before. There are plenty you probably haven’t seen, however, and looking into everything in the OS will keep you busy for a while.
But is Buscador Easy to Use?
Again, the answer is yes and no. If you’re already doing online intelligence work, then this is going to be a pretty spiffy tool that may make your workflow more efficient. If, however, you are just now seeing the light and getting started on either Linux or the tools inside, there’s going to be a bit of a learning curve.
I would suggest starting with the custom Firefox, and looking through the new capabilities there before branching out into some of the other tools in the OS. If you already use those, move on to trying some of the social media tools, and get familiar with Maltego.
To install, just follow the directions at Bazzell’s site. I do need to echo his admonition about taking a snapshot of the VM as soon as you get it installed and set up. That way, if/when you jack it up somehow, you can go back to a fresh install without having to actually go through the annoyance of a reinstall.
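The snapshot-and-rollback step described above, scripted with VirtualBox's `VBoxManage` CLI. This is an added example, not part of the original article or Bazzell's instructions; the VM name `Buscador` and the snapshot label `clean-install` are assumptions, so substitute whatever your import is called.

```shell
#!/bin/sh
# Added example. VM_NAME and BASELINE are assumed values, not from the article.
VM_NAME="${VM_NAME:-Buscador}"         # assumed name of the imported VM
BASELINE="${BASELINE:-clean-install}"  # assumed label for the fresh-install snapshot

# True if the VM already has a snapshot carrying the baseline label.
# --machinereadable prints lines such as SnapshotName="..." and
# SnapshotName-1="..." for nested snapshots.
has_baseline() {
    VBoxManage snapshot "$VM_NAME" list --machinereadable 2>/dev/null |
        grep -q "^SnapshotName[^=]*=\"$BASELINE\"\$"
}

# True if the VM is currently running.
vm_running() {
    VBoxManage list runningvms | grep -q "^\"$VM_NAME\" "
}

# Take the baseline once, right after install and setup, before any
# investigation work touches the VM. Never overwrites an existing baseline.
take_baseline() {
    if has_baseline; then
        echo "baseline '$BASELINE' already exists; leaving it alone" >&2
        return 0
    fi
    VBoxManage snapshot "$VM_NAME" take "$BASELINE" \
        --description "Fresh install, before any investigation work"
}

# Roll the VM back to the baseline. Refuses if the baseline is missing (1)
# or the VM is still running (2), since restore needs a powered-off VM.
restore_baseline() {
    has_baseline || { echo "no snapshot named '$BASELINE'" >&2; return 1; }
    if vm_running; then
        echo "power off '$VM_NAME' before restoring" >&2
        return 2
    fi
    VBoxManage snapshot "$VM_NAME" restore "$BASELINE"
}
```

Source the file and run `take_baseline` once after setup; `restore_baseline` discards everything done in the VM since then, so export anything you need to keep first.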
Buscador is worth the 3.5 GB download, if for no other reason than it’s worth having a VM that’s already set up for intelligence collection. As I’ve mentioned, there is inherent risk anytime you use someone else’s product, and if that product is free, you should also pay close attention. If you’re already doing intelligence collection, whether that be as part of a community scenario, you’re vetting people for your group, etc., it’s a solid grab. If you’re just starting out, it’s still a solid grab. Just understand that you’re also signing up to do a bit of research and learning in order to leverage it correctly.
Get it for VirtualBox here.