diff --git a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.pdf b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.pdf
index 6f1c56c..58b8a71 100644
Binary files a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.pdf and b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.pdf differ
diff --git a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.svg b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.svg
index 916a160..1b6dbb7 100644
--- a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.svg
+++ b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.svg
@@ -19,15 +19,15 @@ .st5 {fill:#a0370b;font-family:Franklin Gothic Demi;font-size:1.00001em} .st6 {marker-end:url(#mrkr5-21);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75} .st7 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514} - .st8 {fill:#ffffff;stroke:none;stroke-linecap:butt} + .st8 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2} .st9 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em} .st10 {fill:#fce4da;stroke:#f37b49;stroke-linecap:round;stroke-linejoin:round;stroke-width:1} .st11 {marker-end:url(#mrkr4-50);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75} - .st12 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2} - .st13 {fill:#a0360a;font-size:1em} - .st14 {marker-end:url(#mrkr4-152);stroke:#7030a0;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75} - .st15 {fill:#7030a0;fill-opacity:1;stroke:#7030a0;stroke-opacity:1;stroke-width:0.22935779816514} - .st16 {fill:#a0360a;font-family:Franklin Gothic Demi;font-size:1.00001em} + .st12 {fill:#a0360a;font-size:1em} + .st13 {marker-end:url(#mrkr4-152);stroke:#7030a0;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75} + .st14 {fill:#7030a0;fill-opacity:1;stroke:#7030a0;stroke-opacity:1;stroke-width:0.22935779816514} + .st15 {fill:#a0360a;font-family:Franklin Gothic Demi;font-size:1.00001em} + .st16 {fill:#ffffff;stroke:none;stroke-linecap:butt} .st17 {fill:#00304a;font-family:Franklin Gothic Demi;font-size:0.666664em} .st18 {fill:#ffffff} .st19 {stroke:#00bc74;stroke-linecap:round;stroke-linejoin:round;stroke-width:1} @@ -52,7 +52,7 @@ markerUnits="strokeWidth" overflow="visible"> - @@ -149,7 +149,7 @@ - + case_file_refs Dynamic connector.1008 @@ -157,7 +157,7 @@ - + case_file_refs Dynamic connector.1009 @@ -173,7 +173,7 @@ - + case_file_refs Rectangle.1011 @@ -192,7 +192,7 @@ - + investigates Rectangle.1014 
@@ -204,7 +204,7 @@ x-investigator::administrator Dynamic connector.1015 @@ -212,7 +212,7 @@ - + attributed-to Dynamic connector.1016 @@ -220,7 +220,7 @@ - + captures-evidence-in Dynamic connector.1017 @@ -228,7 +228,7 @@ - + captures-evidence-in Dynamic connector.1018 @@ -236,7 +236,7 @@ - + captures-evidence-in Dynamic connector.1019 @@ -252,7 +252,7 @@ - + evidence-of Rectangle.1021 @@ -282,15 +282,15 @@ - + image-of Dynamic connector.1024 action_refs - - + + action_refs Rectangle.1001 @@ -322,7 +322,7 @@ - + indicated-by @@ -335,14 +335,14 @@ - x-timeline + x-timeline Dynamic connector.1031 reconstructed_by_ref - + reconstructed_by_ref @@ -351,7 +351,7 @@ - + based-on Rectangle.1075 @@ -370,7 +370,7 @@ - + object_refs Rectangle.1098 @@ -381,7 +381,7 @@ - x-investigation-tool:x-investigation-tool:PhotoRec7.1 Rectangle.1039 @@ -400,7 +400,7 @@ - + object_refs Rectangle.1044 @@ -419,7 +419,7 @@ - + object_refs Rectangle.1049 @@ -438,7 +438,7 @@ - + object_refs Sheet.1054 @@ -465,7 +465,7 @@ - + content_ref Rectangle.1059 @@ -485,7 +485,7 @@ - + object_refs Rectangle.1061 @@ -504,7 +504,7 @@ - + based-on Rectangle.1063 @@ -522,7 +522,7 @@ action_refs - + action_refs @@ -531,7 +531,7 @@ - + indicated-by @@ -587,7 +587,7 @@ - + inputs_refs Dynamic connector.1072 @@ -595,7 +595,7 @@ - + outputs_refs Rectangle.1073 @@ -616,7 +616,7 @@ - + object_refs Dynamic connector.1075 @@ -624,7 +624,7 @@ - + based-on Dynamic connector.1076 @@ -632,7 +632,7 @@ - + outputs_refs Dynamic connector.1077 @@ -640,7 +640,7 @@ - + outputs_refs Dynamic connector.1078 @@ -648,7 +648,7 @@ - + outputs_refs Dynamic connector.1079 @@ -656,7 +656,7 @@ - + outputs_refs Dynamic connector.1080 @@ -664,7 +664,7 @@ - + outputs_refs Dynamic connector.1081 @@ -672,7 +672,7 @@ - + outputs_refs Dynamic connector.1082 @@ -681,7 +681,7 @@ - + imputs_refs Rectangle.1083 @@ -700,7 +700,7 @@ - + targets_refs Dynamic connector.1085 @@ -708,7 +708,7 @@ - + targets_refs Dynamic connector.1086 
@@ -716,7 +716,7 @@ - + targets_refs Dynamic connector.1087 @@ -724,7 +724,7 @@ - + indicated-by @@ -733,8 +733,8 @@ action_refs - - + + action_refs Sheet.1089 @@ -750,7 +750,7 @@ - + outputs_refs Rectangle.1091 @@ -769,7 +769,7 @@ - + inputs_refs Dynamic connector.1093 @@ -777,7 +777,7 @@ - + inputs_refs Rectangle.1094 @@ -796,7 +796,7 @@ - + outputs_refs Dynamic connector.1096 @@ -804,7 +804,7 @@ - + object_refs Dynamic connector.1097 @@ -812,7 +812,7 @@ - + object_refs Rectangle.1098 @@ -831,7 +831,7 @@ - + outputs_refs Rectangle.1100 @@ -869,7 +869,7 @@ - + inputs_refs Dynamic connector.1104 @@ -877,7 +877,7 @@ - + outputs_refs Dynamic connector.1105 @@ -885,7 +885,7 @@ - + outputs_refs Rectangle.1106 @@ -915,7 +915,7 @@ - + inputs_refs Dynamic connector.1109 @@ -923,7 +923,7 @@ - + inputs_refs Dynamic connector.1110 @@ -931,7 +931,7 @@ - + outputs_refs Dynamic connector.1111 @@ -939,7 +939,7 @@ - + object_refs Dynamic connector.1112 @@ -955,7 +955,7 @@ - + object_refs Rectangle.1114 @@ -1007,7 +1007,7 @@ - + src_ref Dynamic connector.1119 @@ -1015,7 +1015,7 @@ - + dst_ref Rectangle.1120 @@ -1034,7 +1034,7 @@ - + inputs_refs Dynamic connector.1122 @@ -1043,7 +1043,7 @@ - + outputs_refs Dynamic connector.1123 @@ -1051,7 +1051,7 @@ - + outputs_refs Rectangle.1124 @@ -1071,7 +1071,7 @@ - + object_refs Dynamic connector.1126 @@ -1079,7 +1079,7 @@ - + object_refs Rectangle.1127 @@ -1098,7 +1098,7 @@ - + based-on Rectangle.1129 @@ -1117,7 +1117,7 @@ - + targets_refs Dynamic connector.1131 @@ -1134,8 +1134,8 @@ action_refs - - + + action_refs Rectangle.1133 @@ -1154,7 +1154,7 @@ - + des_ref Dynamic connector.1135 @@ -1162,7 +1162,7 @@ - + src_ref Rectangle.1137 @@ -1181,7 +1181,7 @@ - + outputs_refs Dynamic connector.1139 @@ -1189,7 +1189,7 @@ - + object_refs Dynamic connector.1140 @@ -1197,7 +1197,7 @@ - + object_refs Rectangle.1141 @@ -1217,7 +1217,7 @@ - + outputs_refs Rectangle.1143 @@ -1266,7 +1266,7 @@ - + inputs_ref Dynamic connector.1148 
@@ -1274,7 +1274,7 @@ - + outputs_ref Dynamic connector.1149 @@ -1282,7 +1282,7 @@ - + extensions.archive-ext.contains_refs Dynamic connector.1150 @@ -1290,7 +1290,7 @@ - + extensions.archive-ext.contains_refs Dynamic connector.1151 @@ -1298,7 +1298,7 @@ - + src_ref Dynamic connector.1152 @@ -1306,7 +1306,7 @@ - + des_ref Dynamic connector.1153 @@ -1316,7 +1316,7 @@ - + outputs_refs Dynamic connector.1154 @@ -1324,7 +1324,7 @@ - + outputs_refs Dynamic connector.1155 @@ -1336,7 +1336,7 @@ - + object_refs Dynamic connector.1157 @@ -1344,7 +1344,7 @@ - + object_refs Dynamic connector.1158 @@ -1352,7 +1352,7 @@ - + outputs_refs Rectangle.1159 @@ -1404,7 +1404,7 @@ - + src_ref Dynamic connector.1164 @@ -1412,7 +1412,7 @@ - + dst_ref Rectangle.1165 @@ -1432,7 +1432,7 @@ - + inputs_refs Dynamic connector.1167 @@ -1440,7 +1440,7 @@ - + outputs_refs Dynamic connector.1168 @@ -1448,7 +1448,7 @@ - + outputs_refs Rectangle.1169 @@ -1467,7 +1467,7 @@ - + object_refs Dynamic connector.1171 @@ -1475,7 +1475,7 @@ - + object_refs Rectangle.1172 @@ -1495,7 +1495,7 @@ - + based-on Dynamic connector.1174 @@ -1503,7 +1503,7 @@ - + targets_refs Dynamic connector.1175 @@ -1511,7 +1511,7 @@ - + targets_refs Dynamic connector.1176 @@ -1519,7 +1519,7 @@ - + targets_refs Dynamic connector.1177 @@ -1527,7 +1527,7 @@ - + targets_refs Dynamic connector.1178 @@ -1535,7 +1535,7 @@ - + targets_refs Rectangle.1179 @@ -1553,7 +1553,7 @@ action_refs - + action_refs @@ -1562,7 +1562,7 @@ - + indicated-by @@ -1583,7 +1583,7 @@ - + outputs_refs Dynamic connector.1184 @@ -1591,7 +1591,7 @@ - + src_ref Dynamic connector.1185 @@ -1599,7 +1599,7 @@ - + det_ref Rectangle.1186 @@ -1618,15 +1618,15 @@ - + outputs_refs Dynamic connector.1188 object_refs - - + + object_refs Dynamic connector.1189 @@ -1634,7 +1634,7 @@ - + object_refs Dynamic connector.1190 @@ -1642,7 +1642,7 @@ - + targets_refs Dynamic connector.1191 @@ -1650,7 +1650,7 @@ - + targets_refs Dynamic connector.1192 
@@ -1658,7 +1658,7 @@ - + reconstructed_from_ref Dynamic connector.1197 @@ -1666,7 +1666,7 @@ - + object_refs Dynamic connector.1198 @@ -1674,9 +1674,9 @@ - + object_refs - + @@ -1687,24 +1687,24 @@ - + - - + + Note.1193 - [file:extensions:status='recovered' and file:extensions:conte... + [file:extensions.auxiliary-ext.status='recovered' and file:ex... - - - - - [file:extensions:status='recovered' and file:extensions:content_tags[0]='rhino'] - + + + + + [file:extensions.auxiliary-ext.status='recovered' and file:extensions.auxiliary-ext.content_tags[0]='rhino'] + Sheet.1194 @@ -1712,7 +1712,7 @@ - + @@ -1723,26 +1723,36 @@ - + - - + + Note.1195 //"jphide tool used for hidding images"+"two passwords found"... - - - - - //"jphide tool used for hidding images"+"two passwords + + + + //"jphide tool used for hidding images"+"two passwords found" + "two jpgs are decoded from other images"[artifact:payload_bin MATCHES 'anBoaWRl' and file:extensions:status='decoded' and exists artifact--01b778f5-e334-52a5-a49d-f9b2de330be9 and exists artifact--5bb67aa9-d849-465d-a433-114063836965] - + x="4" dy="2.4em" class="st3" v:langID="1033">[artifact:payload_bin MATCHES 'anBoaWRl' and file:extensions.auxiliary-ext.status='decoded' and exists artifact--01b778f5-e334-52a5-a49d-f9b2de330be9 and exists artifact--5bb67aa9-d849-465d-a433-114063836965] + Sheet.1196 diff --git a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.vsdx b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.vsdx index 84e7529..cd6f40b 100644 Binary files a/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.vsdx and b/STIX_for_digital_forensics/Illegal_Possession_Images/illegal_possession_image.vsdx differ
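Review bot: The rewritten indicator text in the Note.1193 and Note.1195 labels writes the extension key unquoted, as `file:extensions.auxiliary-ext.status`, but STIX patterning requires a dictionary key containing a hyphen to be a quoted path step, e.g. `file:extensions.'auxiliary-ext'.status` and `file:extensions.'auxiliary-ext'.content_tags[0]`. As drawn, anyone copying the expression from the diagram into a pattern validator or detection pipeline will most likely get a parse error. The same labels keep lowercase `and` and the `exists artifact--…` clauses; STIX pattern operators are uppercase (`AND`, `MATCHES`) and `EXISTS` takes an object path rather than an object id, so those would need the same pass. The Note.1195 hunk is also inconsistent with itself: its shortened title line was left unchanged while the full pattern below it was updated. Only the label text survives in this view of the exported SVG, so the fix belongs in the .vsdx source followed by a re-export.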