add relation saved-to to events and visits

2026-02-20 13:40:40 +00:00 · 2021-02-17 11:23:41 -05:00
parent 64113eac15
commit 6e05832b40
3 changed files with 58 additions and 58 deletions
--- a/STIX_for_digital_forensics/CFO_intro.svg
+++ b/STIX_for_digital_forensics/CFO_intro.svg
@@ -25,8 +25,8 @@
 		.st11 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514}
 		.st12 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
 		.st13 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em}
-		.st14 {fill:#ffffff;stroke:none;stroke-linecap:butt}
-		.st15 {fill:#a0370b;font-family:Franklin Gothic Demi;font-size:1.00001em}
+		.st14 {fill:#a0370b;font-family:Franklin Gothic Demi;font-size:1.00001em}
+		.st15 {fill:#ffffff;stroke:none;stroke-linecap:butt}
 		.st16 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
 	]]>
 	</style>
@@ -451,12 +451,12 @@
 						class="st9" v:langID="1033">2</tspan></text>		</g>
 		<g id="shape1029-143" v:mID="1029" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-485.254)">
 			<title>Dynamic connector.1029</title>
-			<desc>sved-to</desc>
+			<desc>output-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1614.25" width="40" height="17.6036"/>
+			<v:textRect cx="9" cy="1614.25" width="42.05" height="17.6036"/>
 			<path d="M9 1548 L9 1673.96" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-3.56995" y="1609.45" width="25.14" height="9.59985" class="st12"/>
-			<text x="-3.57" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>sved-to</text>		</g>
+			<rect v:rectContext="textBkgnd" x="-7.0192" y="1609.45" width="32.0383" height="9.59985" class="st12"/>
+			<text x="-7.02" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>output-to</text>		</g>
 		<g id="shape1030-150" v:mID="1030" v:groupContext="shape" transform="translate(106.875,-484.33)">
 			<title>Rectangle.1030</title>
 			<desc>software--2</desc>
@@ -488,7 +488,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
 			<path d="M9 1548 L9 1591.78" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st12"/>
 			<text x="-26.77" y="1575.56" class="st13" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
 		<g id="shape1034-170" v:mID="1034" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1171.23)">
 			<title>Dynamic connector.1034</title>
@@ -496,7 +496,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-216" cy="2009.88" width="55.67" height="17.6036"/>
 			<path d="M0 1548 L-216 1548 L-216 2376.7 L88.52 2376.7" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-238.832" y="2005.08" width="45.6638" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-238.832" y="2005.08" width="45.6638" height="9.59985" class="st12"/>
 			<text x="-238.83" y="2012.28" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
 						class="st9" v:langID="2057">ontains</tspan><tspan class="st9" v:langID="2057">-</tspan><tspan class="st9"
 						v:langID="2057">refs</tspan></text>		</g>
@@ -539,7 +539,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
-			<text x="22.27" y="1541.37" class="st15" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigator<tspan
+			<text x="22.27" y="1541.37" class="st14" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigator<tspan
 						class="st9" v:langID="1033">--</tspan><tspan class="st9" v:langID="1033">2</tspan></text>		</g>
 		<g id="shape1040-205" v:mID="1040" v:groupContext="shape" v:layerMember="0" transform="translate(708.75,-764.557)">
 			<title>Dynamic connector.1040</title>
@@ -618,12 +618,12 @@
 						class="st9" v:langID="1033">4</tspan></text>		</g>
 		<g id="shape1048-248" v:mID="1048" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-485.254)">
 			<title>Dynamic connector.1048</title>
-			<desc>sved-to</desc>
+			<desc>output-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1614.25" width="40" height="17.6036"/>
+			<v:textRect cx="9" cy="1614.25" width="42.05" height="17.6036"/>
 			<path d="M9 1548 L9 1673.96" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-3.56995" y="1609.45" width="25.14" height="9.59985" class="st14"/>
-			<text x="-3.57" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>sved-to</text>		</g>
+			<rect v:rectContext="textBkgnd" x="-7.0192" y="1609.45" width="32.0383" height="9.59985" class="st12"/>
+			<text x="-7.02" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>output-to</text>		</g>
 		<g id="shape1049-255" v:mID="1049" v:groupContext="shape" transform="translate(782.437,-261.523)">
 			<title>Sheet.1049</title>
 			<desc>directory-3</desc>
@@ -637,7 +637,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
 			<path d="M9 1548 L9 1591.78" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st12"/>
 			<text x="-26.77" y="1575.56" class="st13" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
 		<g id="shape1051-265" v:mID="1051" v:groupContext="shape" v:layerMember="0" transform="translate(839.531,-680.562)">
 			<title>Dynamic connector.1051</title>
@@ -707,12 +707,12 @@
 						class="st9" v:langID="1033">3</tspan></text>		</g>
 		<g id="shape1058-300" v:mID="1058" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-485.254)">
 			<title>Dynamic connector.1058</title>
-			<desc>sved-to</desc>
+			<desc>output-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1614.25" width="40" height="17.6036"/>
+			<v:textRect cx="9" cy="1614.25" width="42.05" height="17.6036"/>
 			<path d="M9 1548 L9 1673.96" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-3.56995" y="1609.45" width="25.14" height="9.59985" class="st12"/>
-			<text x="-3.57" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>sved-to</text>		</g>
+			<rect v:rectContext="textBkgnd" x="-7.0192" y="1609.45" width="32.0383" height="9.59985" class="st12"/>
+			<text x="-7.02" y="1616.65" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>output-to</text>		</g>
 		<g id="shape1059-307" v:mID="1059" v:groupContext="shape" transform="translate(594.562,-261.523)">
 			<title>Sheet.1059</title>
 			<desc>directory-2</desc>
@@ -734,7 +734,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-87.2363" cy="1548" width="52.77" height="17.6036"/>
 			<path d="M0 1548 L-122.63 1548 L-122.63 1593.31" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-108.615" y="1543.2" width="42.7577" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-108.615" y="1543.2" width="42.7577" height="9.59985" class="st12"/>
 			<text x="-108.62" y="1550.4" class="st13" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
 		<g id="shape1062-324" v:mID="1062" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1171.23)">
 			<title>Dynamic connector.1062</title>
@@ -753,7 +753,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="526.5" cy="1925" width="55.67" height="17.6036"/>
 			<path d="M0 1548 L526.5 1548 L526.5 2376.7 L484.1 2376.7" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="503.668" y="1920.2" width="45.6638" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="503.668" y="1920.2" width="45.6638" height="9.59985" class="st12"/>
 			<text x="503.67" y="1927.4" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan class="st9"
 						v:langID="2057">ontains</tspan><tspan class="st9" v:langID="2057">-</tspan><tspan class="st9"
 						v:langID="2057">refs</tspan></text>		</g>
@@ -763,7 +763,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-88.65" cy="1622.34" width="40" height="17.6036"/>
 			<path d="M0 1548 L0 1603.75 L-88.65 1603.75 L-88.65 1761.93 L-71.79 1761.93" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-100.218" y="1617.54" width="23.1364" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-100.218" y="1617.54" width="23.1364" height="9.59985" class="st12"/>
 			<text x="-100.22" y="1624.74" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>part-of</text>		</g>
 		<g id="shape1066-351" v:mID="1066" v:groupContext="shape" v:layerMember="0" transform="translate(653.062,-1046.04)">
 			<title>Dynamic connector.1066</title>
@@ -782,7 +782,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
-			<text x="22.27" y="1541.37" class="st15" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigator--1</text>		</g>
+			<text x="22.27" y="1541.37" class="st14" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigator--1</text>		</g>
 		<g id="shape1069-361" v:mID="1069" v:groupContext="shape" transform="translate(306,-883.123)">
 			<title>Rectangle.1069</title>
 			<desc>x-investigation-tool--1</desc>
@@ -799,7 +799,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1564.63" width="77.28" height="17.6036"/>
 			<path d="M9 1548 L9 1574.72" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-24.6347" y="1559.83" width="67.2693" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-24.6347" y="1559.83" width="67.2693" height="9.59985" class="st12"/>
 			<text x="-24.63" y="1567.03" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_using_ref</text>		</g>
 		<g id="shape1071-371" v:mID="1071" v:groupContext="shape" transform="translate(306,-820.123)">
 			<title>Rectangle.1071</title>
@@ -850,19 +850,19 @@
 			<text x="50.33" y="1541.37" class="st6" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>file--1</text>		</g>
 		<g id="shape1076-396" v:mID="1076" v:groupContext="shape" v:layerMember="0" transform="translate(218.25,-631.328)">
 			<title>Dynamic connector.1076</title>
-			<desc>saved-to</desc>
+			<desc>output-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1526.73" width="40" height="17.6036"/>
+			<v:textRect cx="9" cy="1526.73" width="42.05" height="17.6036"/>
 			<path d="M9 1548 L9 1512" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-5.7359" y="1521.93" width="29.4719" height="9.59985" class="st14"/>
-			<text x="-5.74" y="1529.13" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>saved-to</text>		</g>
+			<rect v:rectContext="textBkgnd" x="-7.0192" y="1521.93" width="32.0383" height="9.59985" class="st12"/>
+			<text x="-7.02" y="1529.13" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>output-to</text>		</g>
 		<g id="shape1077-403" v:mID="1077" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1171.23)">
 			<title>Dynamic connector.1077</title>
 			<desc>contains-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-78.75" cy="1747.07" width="55.67" height="17.6036"/>
 			<path d="M0 1548 L-78.75 1548 L-78.75 2018.36" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-101.582" y="1742.27" width="45.6638" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-101.582" y="1742.27" width="45.6638" height="9.59985" class="st15"/>
 			<text x="-101.58" y="1749.47" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
 						class="st9" v:langID="2057">ontains</tspan><tspan class="st9" v:langID="2057">-</tspan><tspan class="st9"
 						v:langID="2057">refs</tspan></text>		</g>
@@ -872,7 +872,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-13.5" cy="1599.87" width="47.43" height="17.6036"/>
 			<path d="M0 1548 L-13.5 1548 L-13.5 1614.62 L-57.58 1614.62" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-32.2128" y="1595.07" width="37.4255" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-32.2128" y="1595.07" width="37.4255" height="9.59985" class="st15"/>
 			<text x="-32.21" y="1602.27" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object-refs</text>		</g>
 		<g id="shape1079-420" v:mID="1079" v:groupContext="shape" transform="translate(820.125,-1375.48)">
 			<title>Rectangle.1079</title>
@@ -912,7 +912,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-48.6562" cy="1525.35" width="50.59" height="17.6036"/>
 			<path d="M0 1548 L-91.38 1505.45" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-68.949" y="1520.55" width="40.5854" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-68.949" y="1520.55" width="40.5854" height="9.59985" class="st12"/>
 			<text x="-68.95" y="1527.75" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>assigned-to</text>		</g>
 		<g id="shape1083-438" v:mID="1083" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-936.84)">
 			<title>Dynamic connector.1083</title>
@@ -944,7 +944,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-29.25" cy="1528.23" width="40" height="17.6036"/>
 			<path d="M0 1548 L-29.25 1548 L-29.25 1485.75" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-43.082" y="1523.43" width="27.6638" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="-43.082" y="1523.43" width="27.6638" height="9.59985" class="st15"/>
 			<text x="-43.08" y="1530.63" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
 		<g id="shape1087-466" v:mID="1087" v:groupContext="shape" transform="translate(295.875,-506.351)">
 			<title>Rectangle.1087</title>
@@ -962,7 +962,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-13.9205" cy="1526.9" width="40" height="17.6036"/>
 			<path d="M0 1548 L-13.5 1548 L-13.5 1526.9 L-42.4 1526.9" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-25.3423" y="1522.1" width="22.8439" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="-25.3423" y="1522.1" width="22.8439" height="9.59985" class="st15"/>
 			<text x="-25.34" y="1529.3" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url_ref</text>		</g>
 		<g id="shape1089-476" v:mID="1089" v:groupContext="shape" v:layerMember="0" transform="translate(466.312,-551.871)">
 			<title>Dynamic connector.1089</title>
@@ -970,7 +970,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-70.1887" cy="1561.5" width="49.38" height="17.6036"/>
 			<path d="M0 1548 L0 1561.5 L-142.31 1561.5 L-142.31 1566.52" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-89.8723" y="1556.7" width="39.367" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="-89.8723" y="1556.7" width="39.367" height="9.59985" class="st15"/>
 			<text x="-89.87" y="1563.9" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
 						class="st9" v:langID="2057">ject_refs</tspan></text>		</g>
 		<g id="shape1090-484" v:mID="1090" v:groupContext="shape" transform="translate(793.125,-1046.04)">
@@ -989,7 +989,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="42.1875" cy="1539" width="41.11" height="17.6036"/>
 			<path d="M0 1539 L77.83 1539" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="26.6367" y="1534.2" width="31.1015" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="26.6367" y="1534.2" width="31.1015" height="9.59985" class="st15"/>
 			<text x="26.64" y="1541.4" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ram_refs</text>		</g>
 		<g id="shape1092-494" v:mID="1092" v:groupContext="shape" v:layerMember="0" transform="translate(867.656,-957.295)">
 			<title>Dynamic connector.1092</title>
@@ -1020,7 +1020,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="88.7737" cy="1520.95" width="78.17" height="17.6036"/>
 			<path d="M0 1548 L171.29 1495.81" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="55.6939" y="1516.15" width="66.1594" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="55.6939" y="1516.15" width="66.1594" height="9.59985" class="st15"/>
 			<text x="55.69" y="1523.35" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>communicates-use  </text>		</g>
 		<g id="shape1098-516" v:mID="1098" v:groupContext="shape" transform="translate(276.75,-426.349)">
 			<title>Rectangle.1098</title>
@@ -1066,7 +1066,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-40.6547" cy="1567.22" width="57.89" height="17.6036"/>
 			<path d="M0 1548 L-75.4 1583.65" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-63.5978" y="1562.43" width="45.886" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="-63.5978" y="1562.43" width="45.886" height="9.59985" class="st15"/>
 			<text x="-63.6" y="1569.63" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>processed-by  </text>		</g>
 		<g id="shape1103-539" v:mID="1103" v:groupContext="shape" v:layerMember="0" transform="translate(848.812,-485.254)">
 			<title>Dynamic connector.1103</title>
@@ -1074,7 +1074,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-46.4062" cy="1567.22" width="57.89" height="17.6036"/>
 			<path d="M0 1548 L-86.77 1583.95" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-69.3493" y="1562.43" width="45.886" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-69.3493" y="1562.43" width="45.886" height="9.59985" class="st12"/>
 			<text x="-69.35" y="1569.63" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>processed-by  </text>		</g>
 		<g id="shape1104-546" v:mID="1104" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1066.5)">
 			<title>Dynamic connector.1104</title>
@@ -1082,7 +1082,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="36.1715" cy="1510.85" width="40" height="17.6036"/>
 			<path d="M0 1548 L67.78 1478.39" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="29.9373" y="1506.05" width="12.4684" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="29.9373" y="1506.05" width="12.4684" height="9.59985" class="st12"/>
 			<text x="29.94" y="1513.25" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>has</text>		</g>
 		<g id="shape1105-553" v:mID="1105" v:groupContext="shape" transform="translate(85.2187,-1224)">
 			<title>Rectangle.1105</title>
@@ -1109,7 +1109,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="45.2812" cy="1539" width="75.59" height="17.6036"/>
 			<path d="M0 1539 L84.02 1539" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="12.4902" y="1534.2" width="65.5821" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="12.4902" y="1534.2" width="65.5821" height="9.59985" class="st15"/>
 			<text x="12.49" y="1541.4" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>local_directory_ref</text>		</g>
 		<g id="shape1108-568" v:mID="1108" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-1181.46)">
 			<title>Dynamic connector.1108</title>
@@ -1117,7 +1117,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1526.73" width="55.67" height="17.6036"/>
 			<path d="M9 1548 L9 1512" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="-13.832" y="1521.93" width="45.6638" height="9.59985" class="st14"/>
+			<rect v:rectContext="textBkgnd" x="-13.832" y="1521.93" width="45.6638" height="9.59985" class="st15"/>
 			<text x="-13.83" y="1529.13" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
 						class="st9" v:langID="2057">ontains</tspan><tspan class="st9" v:langID="2057">-</tspan><tspan class="st9"
 						v:langID="2057">refs</tspan></text>		</g>
@@ -1146,7 +1146,7 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="34.9139" cy="1575.77" width="52.76" height="17.6036"/>
 			<path d="M0 1548 L64.71 1599.46" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="13.539" y="1570.97" width="42.7497" height="9.59985" class="st12"/>
+			<rect v:rectContext="textBkgnd" x="13.539" y="1570.97" width="42.7497" height="9.59985" class="st15"/>
 			<text x="13.54" y="1578.17" class="st13" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>investigates</text>		</g>
 	</g>
 </svg>
--- a/STIX_for_digital_forensics/CFO_intro.vsdx
+++ b/STIX_for_digital_forensics/CFO_intro.vsdx
--- a/STIX_for_digital_forensics/readme.md
+++ b/STIX_for_digital_forensics/readme.md
@@ -912,7 +912,7 @@ Notes:
 | ------------- | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------ |
 | x-windows-evt | exploits          | user-account                      | This Relationship describes that a Windows Event exploits a User Account.                              |
 | x-windows-evt | processed-by      | list of type x-investigation-tool | This Relationship describes that a Windows Event is processed/viewed by a list of Investigation Tools. |
-| x-windows-evt | saved-to          | identifer                         | This Relationship describes that a Windows Event was saved to a File, Registry, Artifact.              |
+| x-windows-evt | output-to         | identifer                         | This Relationship describes that a Windows Event was saved to a File, Registry, Artifact.              |

 ### Example 1: describes a "logon" event recorded in the security event file.

@@ -983,7 +983,7 @@ Notes:
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-windows-evt--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "target_ref": "file--79e0da61-48e2-4552-874f-83d74262f39d",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1032,7 +1032,7 @@ A Webpage Visit object represents a visit to a webpage.
 | --------------- | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------- |
 | x-webpage-visit | exploits          | user-account                      | This Relationship describes that a Webpage Visit exploits a User Account.                               |
 | x-webpage-visit | processed-by      | list of type x-investigation-tool | This Relationship describes that a Webpage Visit was processed/viewed by a list of Investigation Tools. |
-| x-webpage-visit | saved-to          | identifer                         | This Relationship describes that aa Webpage Visit was saved to a File, Registry, Artifact.              |
+| x-webpage-visit | output-to         | identifer                         | This Relationship describes that aa Webpage Visit was saved to a File, Registry, Artifact.              |

 ### Examples

@@ -1077,7 +1077,7 @@ A Webpage Visit object represents a visit to a webpage.
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-webpage-visit--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "target_ref": "file--843f6a43-0603-4e0d-84a4-198386eecf4f",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1125,7 +1125,7 @@ Vocabulary Name: x-pnp-message-type-enum
 | --------- | ----------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------------- |
 | x-pnp-evt | exploits          | user-account                      | This Relationship describes that a PnP Event exploits a user-account.                                      |
 | x-pnp-evt | processed-by      | list of type x-investigation-tool | This Relationship describes that a PnP Event was processed/viewed by a list of Investigation Tools.        |
-| x-pnp-evt | saved-to          | identifer                         | This Relationship describes that a PnP Event was saved to a File, Registry, Artifact, e.g., steupAPI.log . |
+| x-pnp-evt | output-to         | identifer                         | This Relationship describes that a PnP Event was saved to a File, Registry, Artifact, e.g., steupAPI.log . |

 ### Examples

@@ -1216,7 +1216,7 @@ A File Visit object represents properties that are associated with a file/direct
 | ------------ | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------- |
 | x-file-visit | exploits          | user-account                      | This Relationship describes that a File/directory Visit exploits a User Account.                              |
 | x-file-visit | processed-by      | list of type x-investigation-tool | This Relationship describes that a File/directory Visit is processed/viewed by a list of Investigation Tools. |
-| x-file-visit | saved-to          | identifer                         | This Relationship describes that a File/directory Visit was saved to a File, Registry, Artifact.              |
+| x-file-visit | output-to         | identifer                         | This Relationship describes that a File/directory Visit was saved to a File, Registry, Artifact.              |

 ### RecentFileCache

@@ -1275,7 +1275,7 @@ RecentFileCache.bcf only contains references to programs that were recently exec
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--83aee86d-1523-4111-938e-8edc8a6c804f",
    "target_ref": "file--176353bd-b61d-4944-b0cd-0b98783c50b5",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1319,7 +1319,7 @@ Shimcache is created to identify application compatibility issues. Two actions/e
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--83aee86d-1523-4111-938e-8edc8a6c804f",
    "target_ref": "windows-registry-key--2ba37ae7-2745-5082-9dfd-9486dad41016",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1364,7 +1364,7 @@ An Example of a Security ID (SID) is S-1-5-21-394942887-4226445097-2438273937-10
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--2bec785c-e1b0-4834-9a3a-9d04bd0749fe",
    "target_ref": "windows-registry-key--2ba37ae7-2745-5082-9dfd-9486dad41016",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1410,7 +1410,7 @@ Prefetch preloads the most frequently used software into memory. The example sho
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--83aee86d-1523-4111-938e-8edc8a6c804f",
    "target_ref": "file--2ba37ae7-2745-5082-9dfd-9486dad41016",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1458,7 +1458,7 @@ USN (Update Sequence Number) Journal records all files' changes (e.g.., rename)
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--2bec785c-e1b0-4834-9a3a-9d04bd0749fe",
    "target_ref": "file--2ba37ae7-2745-5082-9dfd-9486dad41016",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1500,7 +1500,7 @@ Windows uses the Shellbag keys to store user preferences for GUI folder display
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--36e6b5d9-f04e-45f0-90fd-ead11a3069a6",
    "target_ref": "windows-registry-key--14a4a46c-0957-4b9d-900d-35cb8379055c",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1546,7 +1546,7 @@ Jumplist represents a list of items and tasks displayed as a menu on a Windows 7
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--2bec785c-e1b0-4834-9a3a-9d04bd0749fe",
    "target_ref": "windows-registry-key--14a4a46c-0957-4b9d-900d-35cb8379055c",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1591,7 +1591,7 @@ lnk is a shortcut or "link" used by Windows as a reference to an original file,
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--ac69c037-c578-4c5e-ad6a-23d53a0b1d6e",
    "target_ref": "file--676b743a-3a56-4084-aeb5-fa9cfadf5663",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1636,7 +1636,7 @@ Most Recently Used files.
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--8cdbf030-89d9-48be-b733-5f4900706f0e",
    "target_ref": "file--676b743a-3a56-4084-aeb5-fa9cfadf5663",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1681,7 +1681,7 @@ A desktop.ini in MFT
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--9880e636-38b0-471a-8266-8a622a95b3a5",
    "target_ref": "file--19be1a16-4b87-4fc4-b056-dc9e0389d4bd",
    "created": "2020-01-16T18:52:24.277Z",
@@ -1735,7 +1735,7 @@ An event logged by Google drive. The event shows a file (happy_holiday.jpg) has
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--2ac9794f-b9d2-4653-b61d-b7af7c1ad7a5",
-    "relationship_type": "saved-to",
+    "relationship_type": "output-to",
    "source_ref": "x-file-visit--a2b48cc8-aaba-429f-9c1f-bcf1dbf3ada2",
    "target_ref": "file--d5faf70b-36b8-437c-9137-6c0fc83b1e69",
    "created": "2020-01-16T18:52:24.277Z",