From 4d9eeeebc5399bc8c282a0e7cb3dc1a6c4a3fa58 Mon Sep 17 00:00:00 2001 From: Frank Xu Date: Mon, 1 Feb 2021 10:06:43 -0500 Subject: [PATCH] add xSTIX --- STIX_for_digital_forensics/readme.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/STIX_for_digital_forensics/readme.md b/STIX_for_digital_forensics/readme.md index 2a13bda..7984f3a 100644 --- a/STIX_for_digital_forensics/readme.md +++ b/STIX_for_digital_forensics/readme.md @@ -705,7 +705,7 @@ Investigation Tools are software that can be used by cyber investigators to perf | tool_types | list of type open-vocab | The values for this property SHOULD come from the investigation-tool-type-ov open vocabulary. | | aliases | list of type string | Alternative names used to identify this investigation tool. | | tool_version | string | The version identifier associated with the investigation tool. | -| software_ref | identifier | Specifier the software that is used as the investigation tool. | +| software_ref | identifier | Specifier the software product (if CPE or SWID is known) used as the investigation tool. | ## Investigation Tool Type Vocabulary @@ -724,6 +724,10 @@ Investigation Tool Type is an open vocabulary that describes the type of the too | dump | Tools used to dump information from cache or memory. | | unknown | There is not enough information available to determine the type of tool. | +### Examples + +Use an open-source software to parse and decode $LogFile records + ```json { "type": "x-investigation-tool",
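Review bot: the first hunk (`@@ -705,7 +705,7 @@`) rewrites the `software_ref` description but carries over the typo "Specifier" and leaves the reference target and the CPE/SWID condition ambiguous. As written, "Specifier the software product (if CPE or SWID is known) used as the investigation tool." can be read either as "only populate this property when a CPE or SWID identifier is known" or as "the referenced software object should carry its CPE or SWID". Since the property type is `identifier`, the row should also say which object type the identifier must point to, in the same style the table uses for `tool_types` ("SHOULD come from ..."). Suggested wording: `| software_ref | identifier | Specifies the software used as the investigation tool. The value MUST reference an object of type software; where the CPE or SWID of that product is known, it SHOULD be recorded on the referenced software object. |`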
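Review bot: the second hunk (`@@ -724,6 +724,10 @@`) adds a `### Examples` subsection directly under `## Investigation Tool Type Vocabulary`, so the example of an `x-investigation-tool` object reads as part of the vocabulary rather than of the object definition it illustrates; consider placing it after the property table of the Investigation Tool section instead, or naming it `### Investigation Tool Examples`. The introductory line `+Use an open-source software to parse and decode $LogFile records` also needs a grammatical fix and a terminal period ("Use an open-source tool to parse and decode $LogFile records."). Only the opening of the JSON object (`"type": "x-investigation-tool"`) is visible in this hunk, so the rest of the example cannot be checked here; please confirm the object includes the required common properties and a `tool_types` value drawn from the vocabulary defined just above it.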