diff --git a/STIX_for_digital_forensics/CFO_intro.svg b/STIX_for_digital_forensics/CFO_intro.svg index d8c7524..58fa0a2 100644 --- a/STIX_for_digital_forensics/CFO_intro.svg +++ b/STIX_for_digital_forensics/CFO_intro.svg @@ -23,9 +23,9 @@ .st9 {font-size:1em} .st10 {marker-end:url(#mrkr4-61);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75} .st11 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514} - .st12 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2} + .st12 {fill:#ffffff;stroke:none;stroke-linecap:butt} .st13 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em} - .st14 {fill:#ffffff;stroke:none;stroke-linecap:butt} + .st14 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2} .st15 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3} ]]> @@ -369,7 +369,7 @@ - + action_refs Dynamic connector.1017 @@ -377,7 +377,7 @@ - + Indicated-by Dynamic connector.1018 @@ -385,7 +385,7 @@ - + based-on Dynamic connector.1019 @@ -393,7 +393,7 @@ - + object_refs @@ -402,7 +402,7 @@ - + image-of Dynamic connector.1024 @@ -410,7 +410,7 @@ - + evidence-of Dynamic connector.1025 @@ -418,7 +418,7 @@ - + action_refs Dynamic connector.1026 @@ -427,7 +427,7 @@ - + has Dynamic connector.1027 @@ -488,7 +488,7 @@ - + parent_directory_ref Dynamic connector.1034 @@ -496,7 +496,7 @@ - + contains-refs @@ -520,7 +520,7 @@ - + attributed-to Dynamic connector.1038 @@ -528,7 +528,7 @@ - + related-to Rectangle.1039 @@ -595,7 +595,7 @@ - + based-on Dynamic connector.1046 @@ -603,7 +603,7 @@ - + object_refs @@ -623,7 +623,7 @@ - + source_ref Sheet.1049 @@ -638,7 +638,7 @@ - + parent_directory_ref Dynamic connector.1051 @@ -646,7 +646,7 @@ - + indicated-by Rectangle.1052 @@ -692,7 +692,7 @@ - + object_refs @@ -712,7 +712,7 @@ - + source_ref Sheet.1059 @@ -727,7 +727,7 @@ - + parent_directory_ref Dynamic connector.1061 
@@ -735,7 +735,7 @@ - + indicated-by Dynamic connector.1062 @@ -744,7 +744,7 @@ - + contains-refs @@ -754,7 +754,7 @@ - + contains-refs @@ -764,7 +764,7 @@ - + part-of Dynamic connector.1066 @@ -797,12 +797,12 @@ x-investigation-tool--1 Dynamic connector.1070 - acquired_using_tool_ref + acquired_using_ref - + - - acquired_using_tool_ref + + acquired_using_ref Rectangle.1071 software--1 @@ -819,7 +819,7 @@ - + software_ref Rectangle.1073 @@ -864,7 +864,7 @@ - + contains-refs @@ -922,7 +922,7 @@ - + invovles Dynamic connector.1084 @@ -938,7 +938,7 @@ - + exploits Dynamic connector.1086 @@ -964,7 +964,7 @@ - + url_ref Dynamic connector.1089 @@ -999,7 +999,7 @@ - + image-of Sheet.1093 @@ -1022,7 +1022,7 @@ - + communicates-use Rectangle.1098 @@ -1068,7 +1068,7 @@ - + processed-by Dynamic connector.1103 @@ -1076,7 +1076,7 @@ - + processed-by Dynamic connector.1104 @@ -1119,7 +1119,7 @@ - + contains-refs @@ -1140,7 +1140,7 @@ - + requires Dynamic connector @@ -1148,7 +1148,7 @@ - + investigates diff --git a/STIX_for_digital_forensics/CFO_intro.vsdx b/STIX_for_digital_forensics/CFO_intro.vsdx index 00ad179..e0c0e6f 100644 Binary files a/STIX_for_digital_forensics/CFO_intro.vsdx and b/STIX_for_digital_forensics/CFO_intro.vsdx differ diff --git a/STIX_for_digital_forensics/readme.md b/STIX_for_digital_forensics/readme.md index 4f93770..6a09a04 100644 --- a/STIX_for_digital_forensics/readme.md +++ b/STIX_for_digital_forensics/readme.md 
@@ -90,17 +90,17 @@ An image Object represent a computer file containing the contents and structure
 ### Image Specific Properties
-| Property Name | Type | Description |
-| ----------------------- | ----------------------------- | --------------------------------------------------------------------- |
-| type (required) | string | The value of this property MUST be x-image. |
-| image_id | string | Specifies an id of an image. |
-| description | string | Specifies the description of an image. |
-| partitions | list of type x-disk-partition | Specifies a list of partitions that an image contains. |
-| acquired_on | timestamp | Specifies the time the image was acquired. |
-| format | open-vocab | Specifies the image format. It MUST come from x-disk-image-format-ov. |
-| acquired_using_tool_ref | identifier | Specifies the Investigation Tool that creates the image. |
-| acquired_by_ref | identifier | Specifies the Investigator that create a disk image. |
-| image_file_ref | identifier | Specifies a image file. |
+| Property Name | Type | Description |
+| ------------------ | ----------------------------- | --------------------------------------------------------------------- |
+| type (required) | string | The value of this property MUST be x-image. |
+| image_id | string | Specifies an id of an image. |
+| description | string | Specifies the description of an image. |
+| partitions | list of type x-disk-partition | Specifies a list of partitions that an image contains. |
+| acquired_on | timestamp | Specifies the time the image was acquired. |
+| format | open-vocab | Specifies the image format. It MUST come from x-disk-image-format-ov. |
+| acquired_using_ref | identifier | Specifies the Investigation Tool that creates the image. |
+| acquired_by_ref | identifier | Specifies the Investigator that create a disk image. |
+| image_file_ref | identifier | Specifies a image file. |
 ### Relationships
@@ -134,7 +134,7 @@ An image Object represent a computer file containing the contents and structure
 "format": "dd",
 "image_file_ref": "file--6e735550-51e8-483a-b0d6-29d6ff5cfbf3",
 "acquired_by_ref": "x-investigator--b9babea0-63eb-4981-8e6d-f6603cf7e46a",
- "acquired_using_tool_ref": "x-investigation-tool--0a5b5f22-ba62-42f1-9d74-a94e87f4b45c",
+ "acquired_using_ref": "x-investigation-tool--0a5b5f22-ba62-42f1-9d74-a94e87f4b45c",
 "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
 "created": "2021-04-06T20:03:00.000Z",
 "modified": "2021-04-06T20:03:00.000Z"
@@ -512,16 +512,16 @@ An investigator is a digital forensic analyst to collect, store, and analyze dig
 ### Investigator Specific Properties
-| Property Name | Type | Description |
-| --------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
-| type (required) | string | The value of this property MUST be x-investigator. |
-| name (required) | string | A name used to identify this Investigator. |
-| description | string | A description that provides more details and context about the Investigator, potentially including its purpose and its key characteristics. |
-| degree | string | Specifies the highest academic degree of the investigator, e.g, AA, BS, MS, Ph.D. |
-| major | string | Specifies the major of the highest academic degree of the investigator. |
-| school | string | Specifies the school the investigator graduated from. |
-| certificates | list of type string | Specifies a list of certificates the investigator has. |
-| has_investigated_refs | list of type identifier | Specifier a list of x-crime-case. |
+| Property Name | Type | Description |
+| -------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
+| type (required) | string | The value of this property MUST be x-investigator. |
+| name (required) | string | A name used to identify this Investigator. |
+| description | string | A description that provides more details and context about the Investigator, potentially including its purpose and its key characteristics. |
+| degree | string | Specifies the highest academic degree of the investigator, e.g, AA, BS, MS, Ph.D. |
+| major | string | Specifies the major of the highest academic degree of the investigator. |
+| school | string | Specifies the school the investigator graduated from. |
+| certificates | list of type string | Specifies a list of certificates the investigator has. |
+| has_investigated_case_refs | list of type identifier | Specifier a list of x-crime-case. |
 ### Relationships