
Showing papers on "Digital evidence published in 2008"


Journal ArticleDOI
TL;DR: FACE is presented, a framework for automatic evidence discovery and correlation from a variety of forensic targets, and an advanced open-source memory analysis tool, ramparser, for the automated analysis of Linux systems is presented.

136 citations


Journal ArticleDOI
TL;DR: The need for law enforcement to have in-depth knowledge of computer forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques will become more pronounced with the increased likelihood of digital content being a source of disputes or forming part of underlying evidence to support or refute a dispute in judicial proceedings.
Abstract: Three categories of organised groups that exploit advances in information and communications technologies (ICT) to infringe legal and regulatory controls: (1) traditional organised criminal groups which make use of ICT to enhance their terrestrial criminal activities; (2) organised cybercriminal groups which operate exclusively online; and (3) organised groups of ideologically and politically motivated individuals who make use of ICT to facilitate their criminal conduct are described in this article. The need for law enforcement to have in-depth knowledge of computer forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques will become more pronounced with the increased likelihood of digital content being a source of disputes or forming part of underlying evidence to support or refute a dispute in judicial proceedings. There is also a need for new strategies of response and further research on analysing organised criminal activities in cyberspace.

115 citations


Book ChapterDOI
28 Jan 2008
TL;DR: Examining the various definitions of forensic computing identifies the common role that admissibility and evidentiary weight play and explores how the term “forensically sound” has been used and examines the drivers for using such a term.
Abstract: “Forensically sound” is a term used extensively in the digital forensics community to qualify and, in some cases, to justify the use of a particular forensic technology or methodology. Indeed, many practitioners use the term when describing the capabilities of a particular piece of software or when describing a particular forensic analysis approach. Such a wide application of the term can only lead to confusion. This paper examines the various definitions of forensic computing (also called digital forensics) and identifies the common role that admissibility and evidentiary weight play. Using this common theme, the paper explores how the term “forensically sound” has been used and examines the drivers for using such a term. Finally, a definition of “forensically sound” is proposed and four criteria are provided for determining whether or not a digital forensic process may be considered to be “forensically sound.”

87 citations


BookDOI
28 Aug 2008
TL;DR: Advances in Digital Forensics IV describes original research results and innovative applications in the emerging discipline of digital forensics and highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations.
Abstract: ADVANCES IN DIGITAL FORENSICS IV. Edited by: Indrajit Ray and Sujeet Shenoi. Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Networked computing, wireless communications and portable electronic devices have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence. Digital forensics also has myriad intelligence applications. Furthermore, it has a vital role in information assurance -- investigations of security breaches yield valuable information that can be used to design more secure systems. Advances in Digital Forensics IV describes original research results and innovative applications in the emerging discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. The areas of coverage include: Themes and Issues; Evidence Recovery; Evidence Integrity; Evidence Management; Forensic Techniques; Network Forensics; Portable Electronic Device Forensics; Event Data Recorder Forensics; Novel Investigation Techniques; Forensic Tools. This book is the fourth volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book contains a selection of twenty-eight edited papers from the Fourth Annual IFIP WG 11.9 Conference on Digital Forensics, held at Kyoto University, Kyoto, Japan in the spring of 2008.
Advances in Digital Forensics IV is an important resource for researchers, faculty members and graduate students, as well as for practitioners and individuals engaged in research and development efforts for the law enforcement and intelligence communities. Indrajit Ray is an Associate Professor of Computer Science at Colorado State University, Fort Collins, Colorado, USA. Sujeet Shenoi is the F.P. Walter Professor of Computer Science and a principal with the Center for Information Security at the University of Tulsa, Tulsa, Oklahoma, USA.

40 citations


DOI
01 Jan 2008
TL;DR: This paper describes a process by which the validation of relevant evidence required for legal argument can be facilitated, by an interrogative approach that ensures the chain of reasoning is sustained.
Abstract: Digital evidence is now common in legal cases, but the understanding of the legal fraternity as to how far conventional ideas of evidence can be extended into the digital domain lags behind. Evidence determines the truth of an issue, but its weight is subject to examination and verification through existing forms of legal argument. There is a need for a practical ‘roadmap’ that can guide the legal practitioner in identifying digital evidence relevant to support a case and in assessing its weight. A vital, but sometimes underestimated, stage is that of validating the evidence before evaluating its weight. In this paper we describe a process by which the validation of relevant evidence required for legal argument can be facilitated, by an interrogative approach that ensures the chain of reasoning is sustained.

31 citations


Proceedings ArticleDOI
09 Oct 2008
TL;DR: This paper presents a detailed digital forensic process model in five main phases, with different roles to perform it, which is detailed enough to describe the investigation process and could provide a guideline that investigators can take advantage of during a forensic investigation.
Abstract: Being related to law and state-of-the-art technology, digital forensics needs more discipline than traditional forensics. The variety of types of crimes, the distribution of networks and the complexity of information and communication technology add to the complexity of the process of digital investigations. A rigorous and flexible process model is needed to overcome challenges and obstacles in this area. In this paper we propose a digital forensics process, called the "two-dimensional evidence reliability amplification process model", which presents a detailed digital forensic process model in five main phases and different roles to perform it. At the same time, this iterative process addresses four essential tasks as the umbrella activities that are applicable across all phases and sub-phases. We have also developed a hypothetical solution based on the intersection of events, and exploit mathematical operations and symbols to make an algorithm to increase the reliability of evidence. This process model is detailed enough to describe the investigation process so that it could provide a guideline that investigators can take advantage of during a forensic investigation process.

27 citations


Book
31 Dec 2008
TL;DR: Digital Forensics: Digital Evidence in Criminal Investigations provides the reader with a better understanding of how digital evidence complements traditional scientific evidence and examines how it can be used more effectively and efficiently in a range of investigations.
Abstract: The vast majority of modern criminal investigations involve some element of digital evidence, from mobile phones, computers, CCTV and other devices. Digital Forensics: Digital Evidence in Criminal Investigations provides the reader with a better understanding of how digital evidence complements traditional scientific evidence and examines how it can be used more effectively and efficiently in a range of investigations. Taking a new approach to the topic, this book presents digital evidence as an adjunct to other types of evidence and discusses how it can be deployed effectively in support of investigations. The book provides investigators/SSMs/other managers with sufficient contextual and technical information to be able to make more effective use of digital evidence sources in support of a range of investigations. In particular, it considers the roles played by digital devices in society and hence in criminal activities. From this, it examines the role and nature of evidential data which may be recoverable from a range of devices, considering issues relating to reliability and usefulness of those data. 
Includes worked case examples, test questions and review quizzes to enhance student understanding Solutions provided in an accompanying website Includes numerous case studies throughout to highlight how digital evidence is handled at the crime scene and what can happen when procedures are carried out incorrectly Considers digital evidence in a broader context alongside other scientific evidence Discusses the role of digital devices in criminal activities and provides methods for the evaluation and prioritizing of evidence sources Includes discussion of the issues surrounding modern digital evidence examinations, for example; volume of material and its complexity Clear overview of all types of digital evidence Digital Forensics: Digital Evidence in Criminal Investigations is an invaluable text for undergraduate students taking either general forensic science courses where digital forensics may be a module or a dedicated computer/digital forensics degree course. The book is also a useful overview of the subject for postgraduate students and forensic practitioners.

25 citations


Book
01 Jul 2008
TL;DR: In this paper, the authors present a legal and practical approach to the new world of digital information, providing an overview and history of digital evidence, as well as a thorough discussion of relevant issues, including how you can view and understand informational records, how to ensure that any digital record is authentic, identity issues and more.
Abstract: This book provides you with a legal and practical approach to the new world of digital information. It has been described as a must have for litigation lawyers, corporate counsel and records managers who want to understand how to appropriately handle the digital information of an enterprise. The book provides an overview and history of digital evidence, as well as a thorough discussion of relevant issues, including how you can view and understand informational records, how to ensure that any digital record is authentic, identity issues and more.

18 citations


21 Jan 2008
TL;DR: The aim of this conference is to bring together state of the art research contributions in the development of tools, protocols and techniques which assist in the investigation of potentially illegal activity associated with electronic communication and electronic devices.
Abstract: The aim of this conference is to bring together state of the art research contributions in the development of tools, protocols and techniques which assist in the investigation of potentially illegal activity associated with electronic communication and electronic devices. Investigative practice and requirements for presentation of evidence in court are to be considered key underlying themes. This includes discovery, analysis, handling and storage of digital evidence; meeting the legal burden of proof; and the establishment of the forensic chain of evidence.

18 citations


Journal ArticleDOI
TL;DR: A high-speed search engine using a Tarari content processor is designed and implemented and feasibility of the approach is shown by comparing its performance and features to those of a popular forensic tool currently on the market.

18 citations


Proceedings ArticleDOI
22 May 2008
TL;DR: This paper investigates the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes and shows that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes.
Abstract: Traditional forensic investigations of vehicles aims at gathering physical evidence since most crimes involving vehicles are physical. However, in the near future digital crimes on vehicles will most likely surge, and therefore it will be necessary to also gather digital evidence. In this paper, we investigate the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes. We show that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes. We also recognize that by gathering purely physical or digital evidence certain crimes cannot be solved. Finally, we show that by combining physical and digital evidence it is possible to distinguish between different types of physical and digital crime.

Proceedings ArticleDOI
04 Mar 2008
TL;DR: This paper presents a framework for an integrity-aware forensic evidence management system (FEMS), aiming to automate the analysis process and provide investigators with a holistic view of the forensic evidence at hand; thereby providing insights into the quality of investigative inferences.
Abstract: The field of digital forensics is faced with a number of challenges, given the constant growth in technologies. The reliability and integrity associated with digital evidence from disparate sources is also a perpetual challenge, requiring considerable human interpretation in the reconstruction of any particular sequence of events. In this paper we present a framework for an integrity-aware forensic evidence management system (FEMS). In an effort to automate the analysis process, this system would provide investigators with a holistic view of the forensic evidence at hand; thereby providing insights into the quality of investigative inferences. The Biba integrity model is incorporated to preserve the integrity of digital evidence, while Casey's Certainty Scale is chosen as the integrity classification scheme. A finite state automaton (FSA) is used to model the behaviour of the FEMS. In so doing, cyber crime profiling is achieved.

Book ChapterDOI
17 Jun 2008
TL;DR: The PKI (Public-Key Infrastructure), Public-Key Cryptography and watermark techniques are used to design a novel testing and verifying method of digital images, which embeds encryption watermarks in the least significant bit (LSB) of digital images.
Abstract: The traditional verifying evidence method in court is to check the integrity of the chain of custody of evidence. However, since the digital image can be easily transferred by Internet, it is not easy for us to keep the integrity of the chain of custody. In this article, we use the PKI (Public-Key Infrastructure), Public-Key Cryptography and watermark techniques to design a novel testing and verifying method of digital images. The main strategy of the article is to embed encryption watermarks in the least significant bit (LSB) of digital images. With the designed method, we can check the integrity of digital images by correcting public-key without side information and protecting the watermarks without tampering or forging, even the embedded method is open. Finally the proposed method can be applied in court to digital evidence testing and verification, and used to check the admissibility of digital image.

Proceedings Article
01 Jan 2008
TL;DR: This paper discusses how abstract pieces of information may be extracted from seemingly insignificant evidence sources such as file timestamps by making use of correlating evidence sources.
Abstract: Digital evidence is not well perceived by the human senses. Crucial pieces of digital evidence may simply be missed by investigators, as the forensic significance of seemingly unimportant pieces of collected data may not be fully understood. This paper discusses how abstract pieces of information may be extracted from seemingly insignificant evidence sources such as file timestamps by making use of correlating evidence sources. The use of file timestamps as a substitute for missing or corrupt log files, as well as the information deficiency problem surrounding the use of timestamps, is discussed in detail. A prototype was developed to help investigators determine the course of events as they occurred according to file timestamps. The prototype results that were obtained, as well as the prototype's flaws, are also addressed.

Journal ArticleDOI
01 Sep 2008
TL;DR: This paper looks at the evidence available to examiners, namely the artifacts left behind by installation and use of the Limewire client that tell them what the user did and their intent behind that use, and introduces a tool that allows the investigator to extract all the evidence and expand the investigation into the child pornography networks the suspect was a member of.
Abstract: In the world of information sharing Limewire is one of the more popular means for exchanging illicit material and therefore often features in child pornography (CP) cases. In this paper we look at evidence that examiners have available to them, the artifacts left behind by installation and use of the Limewire client that will tell them what the user did and their intent behind that use. We will also look at tips and techniques for finding and extracting evidence from unallocated space, slack space and other corners of the digital evidence. Lastly we introduce a tool AScan that will allow the investigator to extract all the evidence and expand the investigation into the child pornography networks the suspect was a member of.

Journal ArticleDOI
TL;DR: In this paper, the authors report on one aspect of an autonomous digital evidence acquisition system that they are developing and describe the framework to provide these features that they have developed as part of a robot based system.
Abstract: In this work, we report on one aspect of an autonomous digital evidence acquisition system that we are developing. Many a times forensic investigators need to operate autonomous agents remotely to acquire digital evidence. These autonomous systems periodically upload the evidence to a remote central server using a mobile ad hoc network. In such cases, large pieces of information need to be fragmented and transmitted in an appropriate manner. To support proper forensic analysis three properties need to be ensured for each fragment of evidence confidentiality during communication, authenticity and integrity of the data, and, most importantly, strong evidence of membership for fragments. Here, we describe the framework to provide these features that we have developed as part of a robot based system.

Proceedings ArticleDOI
24 Apr 2008
TL;DR: A new tool capable of rescuing damaged compressed files, according to the DEFLATE compression scheme, even though the header block is missing or corrupted, represents a new interesting opportunity for the digital forensic discipline.
Abstract: Nowadays compressed files are very widespread and can be considered, without any doubt, an important and precious source of probatory data for the digital forensic realm. This is especially true when, in a digital investigation, the examiner has to deal with corrupted compressed files which have been gathered in the collection phase of the investigative process. Therefore, in the computer forensic field, data recovery technologies are very important for acquiring useful pieces of data which can become, in a court of law, digital evidence. This kind of technology is used not only by law enforcement but also by the multitude of users in their daily activities, which justifies the significant presence in the software market of tools devoted to rescuing data from damaged compressed files. However, state-of-the-art data recovery tools have many limitations with regard to the capability of recovering the original data, especially in the case of damaged compressed files. So far, such recovery tools have been based on a which controls the signature/header of the file and, thus, provides the offset to the raw compressed data block. As a result, they cannot recover the compressed files if the first part of the raw compressed data block, which pertains to the header, is damaged or the signature/header block is corrupted. Therefore, in order to deal with this issue, we have developed a new tool capable of rescuing damaged compressed files, according to the DEFLATE compression scheme, even though the header block is missing or corrupted. This represents a new and interesting opportunity for the digital forensic discipline.

Journal ArticleDOI
TL;DR: Real-life problems that benefit from using this tool in a congenial and constructive manner are examined to validate its key underlining concept and suggest possible extensions to make the tool even smarter.

23 Apr 2008
TL;DR: The purpose of this paper is to outline those elements that will make effective Small Scale Digital Device Forensics labs.
Abstract: The ubiquity of small scale digital devices (SSDD), the public’s ever increasing societal dependence on SSDD, and the continual presence of SSDD at all types of crime scenes, including non-technical and violent crimes, demand a formalized curriculum for the education and training of future cyber forensic examiners. This paper presents the various SSDD forensics labs currently in use and under development for future use at the Purdue University Cyber Forensics Laboratory. The primary objective of each module is to provide specific real-world cases for the learning, comprehension, and understanding of hands-on investigative techniques and methodologies. The purpose of this paper is to outline those elements that will make effective Small Scale Digital Device Forensics labs.

Proceedings ArticleDOI
02 May 2008
TL;DR: It is indicated that enhancements in security and encryption associated with Encrypted File System (EFS) as well as BitLocker Drive Encryption are very problematic for investigators.
Abstract: The technical environment continues to change and impact the work of digital investigations. This research provides a framework within which computer forensics investigators can take advantage of new or different types of evidence from Microsoft's Vista operating system (“Vista”). Moreover, this paper will also indicate the many challenges that investigators will encounter when faced with the Vista platform. The focus herein will be on changes associated with new security, encryption and file restoration features. These features vary according to the version of Vista, and these differences will also be discussed. This research will also detail the integrity of data recovery procedures through detailed experiments used to identify how data could be manipulated by a perpetrator in Vista as compared to previous versions of Microsoft's operating systems. Ultimately, this paper will indicate that enhancements in security and encryption associated with Encrypted File System (EFS) as well as BitLocker Drive Encryption are very problematic for investigators. Vista has serious implications for computer forensics investigations. Nevertheless, this research will guide the digital investigator through the labyrinth of new challenges, to effect a more thorough investigation of digital evidence.

Book ChapterDOI
28 Jan 2008
TL;DR: The concept of a virtual digital forensic laboratory, which incorporates networked examination and storage machines, secure communications, multi-factor authentication, role-based access control, and case management and digital asset management systems is discussed.
Abstract: This paper discusses the concept of a virtual digital forensic laboratory, which incorporates networked examination and storage machines, secure communications, multi-factor authentication, role-based access control, and case management and digital asset management systems. Laboratory activities such as the examination, storage and presentation of digital evidence can be geographically distributed and accessed over a network by users with the appropriate credentials. The advantages of such a facility include reduced costs through shared resources and the availability of advanced expertise for specialized cases.

22 Mar 2008
TL;DR: Berman et al. as discussed by the authors argued that "territorially-based conceptions of legal jurisdiction may no longer be adequate" in pursuing offences committed in the virtual, global environment of the Internet and proposed a pluralistic concept of jurisdiction.
Abstract: Introduction Jurisdiction and physical presence of a perpetrator and evidence form the basis of the majority of existing legal structures that address criminal issues. Tangible, physical evidence is the foundation on which most successfully prosecuted crimes rest. Digital evidence obtained from a cybercrime intrusion is volatile, difficult to obtain or present in court, and requires a certain amount of adaptation in order to be acceptable to most courts. These difficulties of application may be illustrated in more detail by examining specific comparisons of cybercrime incidents to existing laws, as well as procedural difficulties arising from determination of jurisdiction over a networked environment. Axelrod and Jay (1999, p. 14) give an example of suitable application to computer crime of an existing law. If a stolen password is used to gain unauthorized, local entry into a computer, this can be prosecuted as unauthorized use of a computer under New York State Computer Law [NYSCL], [section] 156.05 (1998). A different example described by Axelrod and Jay (1999, p. 14) is that of a distributed denial of service attack. A distributed denial of service attack [DDoS] occurs when a multitude of networked systems direct a massive quantity of network traffic (in the form of "packets") toward a single victim system. The deluge of packets can cause access to the victimized system to become unavailable to legitimate users. The use of computer trespass (NYSCL, [section] 156.10, 1998) would be realistically impossible to support in court, due to the untraceable nature of a DDoS attack. Computer tampering (NYSCL, [section] 156.20, 1998) would also be unlikely to help establish a case because, technically speaking, the intruder has not intentionally altered or destroyed computer data belonging to another person. 
When Axelrod and Jay's (1999) examples are examined, it can be seen that the "fit" between traditional law and applicability to the various network-related crimes are distinguished by the characteristic of remote connection; that is to say, the networked environment in which the crime takes place. As illustrated by Axelrod and Jay, unauthorized local physical access to a computer bears enough resemblance to the traditional laws governing trespass to allow prosecution. When certain characteristics inherently exclusive to the networked environment are introduced as in the case of a DDoS attack, laws crafted for a traditional, physical environment may prove to be difficult to apply when prosecuting the perpetrators even should the perpetrators be identified. Traditional law in the United States has yet to precisely define jurisdiction involving cybercrime. There is little precedent concerning determination of jurisdiction over actions which are performed remotely using the Internet as the medium for conveyance. In those cases where the United States justice system has adjudicated, "long-arm" statutes, which allow a state to extend jurisdiction to individuals or organizations not residing in that state, and local jurisdictional principals have been applied toward making decisions. Due to the paucity of jurisdiction cases involving cybercrime, there is currently a limited amount of law for policy makers or enforcement officers to reference. Berman (2004, p. 1821) argues that "territorially-based conceptions of legal jurisdiction may no longer be adequate" in pursuing offences committed in the virtual, global environment of the Internet and proposes a pluralistic concept of jurisdiction. Berman notes a selection of cybercrime cases in which United States judges have ruled according to United States law, assuming that because United States law may apply that it should apply. 
Berman's (2004) pluralist view detaches the jurisdiction process from territorial nation-states and places jurisdiction into the virtual state occupied by networked entities represented through the Internet. …

Journal ArticleDOI
TL;DR: Memory-based antiforensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence, and attack on computer forensic tools.
Abstract: Computer forensics is the discipline that deals with the acquisition, investigation, preservation, and presentation of digital evidence in the court of law, whereas antiforensics is the terminology used to describe malicious activities deployed to delete, alter, or hide digital evidence with the main objective of manipulating, destroying, and preventing the creation of evidence. Various antiforensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based antiforensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence, and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based antiforensic techniques are considered to be unbeatable. This article aims to present some of the current antiforensic approaches and in particular reports on memory-based antiforensic tools and techniques.

Journal ArticleDOI
TL;DR: A two-tier method to automate the process of locating digital evidence, which first employs a one-class Support Vector Machine (SVM) outlier detector and then uses a group of one-class SVM classifiers (trained with expert knowledge or samples of interest to an investigator, each based on a different feature vector) to improve the accuracy of the investigation.
Abstract: One of the biggest challenges facing digital investigators is the sheer volume of data that must be searched in locating digital evidence. How to efficiently locate the evidence relating to a computer crime while maintaining accuracy is becoming a research focus. In this paper, we introduce a two-tier method to automate the process of locating digital evidence, which first employs a one-class Support Vector Machine (SVM) outlier detector to filter out insignificant records for forensic investigators and then uses a group of one-class SVM classifiers (trained with expert knowledge or samples of interest to an investigator, each based on a different feature vector) to further analyze the output of the outlier detector and improve the accuracy of the investigation. The effectiveness of the proposed method for locating digital evidence is demonstrated using a public dataset: the KDD Cup 99 (Knowledge Discovery and Data Mining) intrusion detection dataset.

Book ChapterDOI
01 Jan 2008
TL;DR: This chapter provides the reader with an overview of education and training in digital forensics with guidelines on the knowledge and skills students should expect to learn in a college/university educational program and a description of various types of training programs.
Abstract: Digital forensics is a relatively new science that is becoming increasingly important as tech-savvy criminals use computers and networks in their illegal activities. Demonstrated competency in digital forensics requires a varied knowledge and skill set that includes an in-depth understanding of computer hardware and software, computer networks, forensic science, applicable local, state, and national laws, as well as the ability to communicate in both verbal and written forms. The purpose of this chapter is to provide the reader with an overview of education and training in digital forensics. Issues specifically addressed include differences between education and training; the “core competencies” of the digital forensics examiner; guidelines on the knowledge and skills students should expect to learn in a college/university educational program; a description of various types of training programs; as well as pointers to Web resources for current information on available educational and training programs.

Patent
29 Aug 2008
TL;DR: This patent describes a system for analyzing forensic digital evidence using an image filter, and a method thereof. The system includes a duplicator that creates a copy of the digital evidence; a verifying unit that determines whether the copy and the original are the same; an original storage that stores the original; and an evidence analyzer that classifies the image files in the copy of the evidence stored in the original storage on the basis of an image filtering model, created by a learning model in accordance with predetermined categories, and then analyzes the evidence.
Abstract: The present invention provides a system for analyzing forensic digital evidence using an image filter and a method thereof. The system for analyzing forensic evidence using an image filter includes: a duplicator that creates a copy of digital evidence; a verifying unit that discriminates whether a copy and the original of the digital evidence are the same; an original storage that stores the original of the digital evidence; an evidence analyzer that classifies image files for the copy of the digital evidence stored in the original storage, on the basis of an image filtering model created by a learning model in accordance with predetermined categories, and then analyzes the evidence; and a reporting unit that creates a report about the result of evidence analysis. The image evidence analyzer includes an image file extractor, an image filtering model learning unit, an image filter, and a plurality of analyzers.

Proceedings ArticleDOI
23 Apr 2008
TL;DR: This paper presents an introduction to the subject and describes various technical aspects of digital evidence techniques relevant to the Windows operating system.
Abstract: Digital evidence investigation is concerned with techniques for the acquisition and analysis of data pertaining to some event or activity. This paper presents an introduction to the subject and describes various technical aspects of digital evidence techniques relevant to the Windows operating system.

Book ChapterDOI
28 Jan 2008
TL;DR: A forensic acquisition tool that may be used to access files on a live system without compromising the state of the files in question is described.
Abstract: Evidence acquisition is concerned with the collection of evidence from digital devices for subsequent analysis and presentation. It is extremely important that the digital evidence is collected in a forensically-sound manner using acquisition tools that do not affect the integrity of the evidence. This paper describes a forensic acquisition tool that may be used to access files on a live system without compromising the state of the files in question. This is done in the context of the Reco Platform, an open source forensic framework that was used to develop the prototype evidence acquisition tool both quickly and efficiently. The paper also discusses the implementation of the prototype and the results obtained.
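An added example (not the Reco Platform prototype, nor the patent's implementation above) of the two pieces both entries share: a duplicator that streams the source into a copy while hashing the bytes as they are read, and a verifying unit that accepts the copy only if an independent re-hash matches. The source is opened read-only, with Linux's O_NOATIME requested so the read does not update the access time, and stat() is taken before and after so the tool can report whether the acquisition changed the file's metadata at all. The sample evidence file is constructed in a temporary directory; the tamper step flips one byte in the copy to show the verifier rejecting it.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB blocks, so a large source never sits wholly in memory


def _open_readonly_noatime(path):
    """Open the source strictly for reading. On Linux, O_NOATIME asks the kernel
    not to update the access time; it is refused (EPERM) for files the caller
    does not own, in which case fall back to a plain read-only open and rely on
    the stat() comparison to reveal whether the read touched the metadata."""
    flags = os.O_RDONLY | getattr(os, "O_NOATIME", 0)
    try:
        return os.open(path, flags)
    except OSError:
        return os.open(path, os.O_RDONLY)


def acquire(src, dst):
    """Duplicator: stream src into dst, hashing the original bytes as they are
    read. Returns (sha256 of the source as read, stat before, stat after)."""
    before = os.stat(src)
    digest = hashlib.sha256()
    fd = _open_readonly_noatime(src)
    with os.fdopen(fd, "rb") as f_in, open(dst, "wb") as f_out:
        for block in iter(lambda: f_in.read(CHUNK), b""):
            digest.update(block)
            f_out.write(block)
    after = os.stat(src)
    return digest.hexdigest(), before, after


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(acquisition_hash, copy_path):
    """Verifying unit: the copy is accepted only when its independent re-hash
    equals the hash taken from the original while it was being read."""
    return sha256_file(copy_path) == acquisition_hash


def metadata_unchanged(before, after):
    """True when size, mtime, ctime and atime of the source are identical before
    and after the read, i.e. the acquisition left no trace in stat()."""
    key = lambda st: (st.st_size, st.st_mtime_ns, st.st_ctime_ns, st.st_atime_ns)
    return key(before) == key(after)


def demo():
    """Constructed end-to-end run: acquire a sample file, verify the copy, then
    flip one byte in the copy and show the verifier rejecting it."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.bin")
        dst = os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:
            f.write(b"constructed sample evidence\n" * 50_000)  # ~1.4 MB, spans two chunks
        digest, before, after = acquire(src, dst)
        copy_ok = verify(digest, dst)
        with open(dst, "r+b") as f:  # tamper with the copy, not the original
            f.seek(100)
            f.write(b"X")
        tampered_ok = verify(digest, dst)
        return {
            "sha256": digest,
            "copy_verified": copy_ok,
            "tamper_detected": not tampered_ok,
            "source_metadata_unchanged": metadata_unchanged(before, after),
            "source_hash_matches": sha256_file(src) == digest,
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The verification hash is computed from the bytes as they leave the original, not from the copy, so a write error or later modification of the image shows up as a mismatch; `source_metadata_unchanged` is reported rather than assumed, because on filesystems or platforms where O_NOATIME is unavailable the read itself can update the access time, which is exactly the kind of state change a live acquisition tool must disclose.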

DOI
21 Jan 2008
TL;DR: The use of evidence acquisition guides for the identification and collection of electronic evidence is supported internationally as a means of providing best practice methodologies, as a legal framework, and to ensure that sources of evidence are not tainted before examination and analysis can occur.
Abstract: The use of evidence acquisition guides for the identification and collection of electronic evidence is supported internationally as a means of providing best practice methodologies, as a legal framework and to ensure that sources of evidence are not tainted before examination and analysis can occur. This work seeks to analyse and discuss several of the more publicly known and available evidence collection guides as a means of determining how adaptable they are to modern devices and technologies; in particular, wireless and VOIP-based technologies.

Journal Article
Samantha Trepel
TL;DR: In this paper, the authors address the issues of digital evidence collection under the Fourth Amendment and the threat of general searches, and propose solutions to preserve the traditional balance between individual privacy and government need.
Abstract: Translating Fourth Amendment rules designed to regulate searches and seizures of physical property into rules that regulate digital investigations raises numerous questions. This Note seeks to address one narrow subset of the issues digital evidence collection presents: the execution of computer searches conducted pursuant to warrants, and the threat of general searches--searches effectively unlimited in scope by the warrant--they raise. Both courts and academics have called attention to this risk of general searches, and many have proposed solutions that seek to preserve the Fourth Amendment's traditional balance between individual privacy and government need. However, a single workable rule remains elusive. While the proposed solutions do not provide answers in every context, many of the rules do have merit in specific factual situations. At least while digital technology continues to change at a rapid pace, lower courts should be encouraged to develop a toolbox of rules to address the problem. Reviewing courts should take the lead, exploring the contours and boundaries of the problem and developing different tools in various factual contexts through the process of common law decision-making.

TABLE OF CONTENTS
I. INTRODUCTION
II. THE DEVELOPMENT OF FOURTH AMENDMENT JURISPRUDENCE
III. GENERAL SEARCHES: THE PROBLEM WITH DIGITAL INVESTIGATIONS
IV. AN ELUSIVE SOLUTION
V. THE CASE FOR THE COURTS
VI. CONCLUSION

I. INTRODUCTION
Over the past several decades, computers have increasingly become an unavoidable part of everyday life. Since 1984, the number of U.S. households with a computer has grown more than eight-fold to sixty-six percent of all homes. (1) Over the last ten to fifteen years, courts and legal academics have been responding to this trend with increasing regularity, struggling to apply Fourth Amendment jurisprudence to the new contexts presented by these omnipresent tools. (2) Translating Fourth Amendment rules designed to regulate searches and seizures of physical property into rules that regulate digital investigations raises numerous questions. (3) This Note seeks to address one narrow subset of the issues digital evidence collection presents: the execution of computer searches conducted pursuant to warrants, and the threat of general searches--searches effectively unlimited in scope by the warrant--they raise. Both courts and academics have called attention to this risk of general searches, and many have proposed solutions that seek to preserve the Fourth Amendment's traditional balance between individual privacy and government need. However, a single workable rule remains elusive. While the proposed solutions do not provide answers in every context, many of the rules do have merit in specific factual situations. At least while digital technology continues to change at a rapid pace, lower courts should be encouraged to develop a toolbox of rules to address the problem. Reviewing courts should take the lead, exploring the contours and boundaries of the problem and developing different tools in various factual contexts through the process of common law decision-making.

II. THE DEVELOPMENT OF FOURTH AMENDMENT JURISPRUDENCE
In enacting the Fourth Amendment, former colonists were reacting to the outrages and abuses they had experienced under the British in the form of general warrants and writs of assistance. General warrants permitted searches and seizures without requiring individualized suspicion or describing the persons or items to be seized. (4) Such warrants were frequently issued to suppress political dissent both in England and in the American colonies; they authorized searches and seizures of all "trunks, studies, cabinets, and other repositories of papers" for evidence of seditious libel. (5) As Crown officials issued the warrants ex parte and as they had the effect of immunizing the officers who executed them against civil trespass suits, (6) general warrants were especially threatening to the colonists. …