From 70873df7e5bbe121574809b02c8e88c58fd0a203 Mon Sep 17 00:00:00 2001
From: Frank Xu <frank.w.xu@gmail.com>
Date: Sun, 14 Feb 2021 10:57:53 -0500
Subject: [PATCH] add a graph

---
 STIX_for_digital_forensics/CFO_intro.svg | 805 +++++++++++++++++++++++
 STIX_for_digital_forensics/readme.md     |  50 +-
 2 files changed, 829 insertions(+), 26 deletions(-)
 create mode 100644 STIX_for_digital_forensics/CFO_intro.svg

diff --git a/STIX_for_digital_forensics/CFO_intro.svg b/STIX_for_digital_forensics/CFO_intro.svg
new file mode 100644
index 0000000..1ba1613
--- /dev/null
+++ b/STIX_for_digital_forensics/CFO_intro.svg
@@ -0,0 +1,805 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export CFO_intro.svg Page-1 -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="24.5in" height="21.5in" viewBox="0 0 1764 1548"
+		xml:space="preserve" color-interpolation-filters="sRGB" class="st13">
+	<v:documentProperties v:langID="1033" v:viewMarkup="false">
+		<v:userDefs>
+			<v:ud v:nameU="msvNoAutoConnect" v:val="VT0(1):26"/>
+		</v:userDefs>
+	</v:documentProperties>
+
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#f37b49;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st2 {fill:#a0360a;font-family:Franklin Gothic Demi;font-size:1.00001em}
+		.st3 {fill:#ffffff;stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st4 {fill:#004b74;font-family:Franklin Gothic Demi;font-size:1.00001em}
+		.st5 {fill:#ffffff;stroke:#00bc74;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#00653e;font-family:Franklin Gothic Demi;font-size:1.00001em}
+		.st7 {marker-end:url(#mrkr4-42);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+		.st8 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514}
+		.st9 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st10 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em}
+		.st11 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st12 {font-size:1em}
+		.st13 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-42" class="st8" v:arrowType="4" v:arrowSize="2" v:setback="8.72" refX="-8.72" orient="auto"
+				markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.36,-4.36) "/>
+		</marker>
+	</defs>
+	<g v:mID="0" v:index="1" v:groupContext="foregroundPage">
+		<v:userDefs>
+			<v:ud v:nameU="msvThemeOrder" v:val="VT0(0):26"/>
+		</v:userDefs>
+		<title>Page-1</title>
+		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="19" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
+		<v:layer v:name="Connector" v:index="0"/>
+		<g id="shape3-1" v:mID="3" v:groupContext="shape" transform="translate(306,-1401.54)">
+			<title>Rectangle</title>
+			<desc>x-disk-partition--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="19.19" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-disk-partition--1</text>		</g>
+		<g id="shape4-4" v:mID="4" v:groupContext="shape" transform="translate(306,-1348.47)">
+			<title>Rectangle.4</title>
+			<desc>x-secondary-storage--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="5.71" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-secondary-storage--1</text>		</g>
+		<g id="shape5-7" v:mID="5" v:groupContext="shape" transform="translate(306,-1239.26)">
+			<title>Rectangle.5</title>
+			<desc>x-disk-image--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="25.36" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-disk-image--1</text>		</g>
+		<g id="shape1000-10" v:mID="1000" v:groupContext="shape" transform="translate(401.062,-982.984)">
+			<title>Rectangle.1000</title>
+			<desc>x-action--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="37.61" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-action--1</text>		</g>
+		<g id="shape1001-13" v:mID="1001" v:groupContext="shape" transform="translate(401.062,-920.909)">
+			<title>Rectangle.1001</title>
+			<desc>indicator--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="35.21" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicator--1</text>		</g>
+		<g id="shape1002-16" v:mID="1002" v:groupContext="shape" transform="translate(401.062,-854.292)">
+			<title>Rectangle.1002</title>
+			<desc>observed-data--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="21.49" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>observed-data--1</text>		</g>
+		<g id="shape1003-19" v:mID="1003" v:groupContext="shape" transform="translate(401.062,-787.676)">
+			<title>Rectangle.1003</title>
+			<desc>x-webpage-visit--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
+			<text x="17.94" y="1541.37" class="st6" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-webpage-visit--1</text>		</g>
+		<g id="shape1004-22" v:mID="1004" v:groupContext="shape" transform="translate(579.375,-1348.47)">
+			<title>Rectangle.1004</title>
+			<desc>x-computer--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
+			<text x="28.46" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-computer--1</text>		</g>
+		<g id="shape1005-25" v:mID="1005" v:groupContext="shape" transform="translate(579.375,-1239.26)">
+			<title>Rectangle.1005</title>
+			<desc>x-crime-case--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
+			<text x="24.77" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-crime-case--1</text>		</g>
+		<g id="shape1006-28" v:mID="1006" v:groupContext="shape" transform="translate(579.375,-1065.75)">
+			<title>Rectangle.1006</title>
+			<desc>x-timeline--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
+			<text x="32.04" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-timeline--1</text>		</g>
+		<g id="shape1008-31" v:mID="1008" v:groupContext="shape" transform="translate(783.562,-982.984)">
+			<title>Rectangle.1008</title>
+			<desc>x-action--2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
+			<text x="37.05" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-action--2</text>		</g>
+		<g id="shape1009-34" v:mID="1009" v:groupContext="shape" transform="translate(794.25,-1239.26)">
+			<title>Rectangle.1009</title>
+			<desc>x-memory- image—1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
+			<text x="12.24" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-memory- image—1</text>		</g>
+		<g id="shape1011-37" v:mID="1011" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-1240.49)">
+			<title>Dynamic connector.1011</title>
+			<desc>evidence_of</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="71.4375" cy="1539" width="52.21" height="17.6036"/>
+			<path d="M0 1539 L136.33 1539" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="50.336" y="1534.2" width="42.2029" height="9.59985" class="st9"/>
+			<text x="50.34" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence_of</text>		</g>
+		<g id="shape1012-45" v:mID="1012" v:groupContext="shape" transform="translate(307.125,-1065.75)">
+			<title>Rectangle.1012</title>
+			<desc>user-account --1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
+			<text x="22.41" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>user-account --1</text>		</g>
+		<g id="shape1013-48" v:mID="1013" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-1066.98)">
+			<title>Dynamic connector.1013</title>
+			<desc>exploits</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-71.4375" cy="1539" width="40" height="17.6036"/>
+			<path d="M0 1539 L-136.33 1539" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-85.2695" y="1534.2" width="27.6638" height="9.59985" class="st9"/>
+			<text x="-85.27" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1014-55" v:mID="1014" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1065.75)">
+			<title>Dynamic connector.1014</title>
+			<desc>action_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-81.7906" cy="1586.24" width="49.44" height="17.6036"/>
+			<path d="M0 1548 L0 1586.24 L-177.75 1586.24 L-177.75 1603.77" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-101.505" y="1581.44" width="39.4297" height="9.59985" class="st11"/>
+			<text x="-101.51" y="1588.64" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
+		<g id="shape1017-62" v:mID="1017" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-982.984)">
+			<title>Dynamic connector.1017</title>
+			<desc>Indicated-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1568.81" width="52.96" height="17.6036"/>
+			<path d="M9 1548 L9 1583.08" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-12.4765" y="1564.01" width="42.953" height="9.59985" class="st11"/>
+			<text x="-12.48" y="1571.21" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Indicated-by</text>		</g>
+		<g id="shape1018-69" v:mID="1018" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-920.909)">
+			<title>Dynamic connector.1018</title>
+			<desc>based-on</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st11"/>
+			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1019-76" v:mID="1019" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-854.292)">
+			<title>Dynamic connector.1019</title>
+			<desc>object_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st11"/>
+			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st12" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1021-84" v:mID="1021" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-1259.72)">
+			<title>Dynamic connector.1021</title>
+			<desc>image-of</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1503.62" width="40.66" height="17.6036"/>
+			<path d="M9 1548 L9 1465.79" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-6.32417" y="1498.83" width="30.6483" height="9.59985" class="st11"/>
+			<text x="-6.32" y="1506.03" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>image-of</text>		</g>
+		<g id="shape1024-91" v:mID="1024" v:groupContext="shape" v:layerMember="0" transform="translate(794.25,-1240.49)">
+			<title>Dynamic connector.1024</title>
+			<desc>evidence-of</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-42.75" cy="1539" width="50.27" height="17.6036"/>
+			<path d="M0 1539 L-78.96 1539" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-62.8807" y="1534.2" width="40.2613" height="9.59985" class="st11"/>
+			<text x="-62.88" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence-of</text>		</g>
+		<g id="shape1025-98" v:mID="1025" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1065.75)">
+			<title>Dynamic connector.1025</title>
+			<desc>action_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="95.0094" cy="1586.24" width="49.44" height="17.6036"/>
+			<path d="M0 1548 L0 1586.24 L204.19 1586.24 L204.19 1603.77" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="75.2945" y="1581.44" width="39.4297" height="9.59985" class="st11"/>
+			<text x="75.29" y="1588.64" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
+		<g id="shape1026-105" v:mID="1026" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1368.92)">
+			<title>Dynamic connector.1026</title>
+			<desc>has</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-269.136" cy="1467.92" width="40" height="17.6036"/>
+			<path d="M0 1548 L0 1467.92 L-380.61 1467.92 L-380.61 1840.94 L-343.48 1840.94" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-275.37" y="1463.12" width="12.4684" height="9.59985" class="st11"/>
+			<text x="-275.37" y="1470.32" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>has</text>		</g>
+		<g id="shape1027-112" v:mID="1027" v:groupContext="shape" v:layerMember="0" transform="translate(635.062,-1086.21)">
+			<title>Dynamic connector.1027</title>
+			<desc>reconstructed_from</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1471.47" width="79.25" height="17.6036"/>
+			<path d="M9 1548 L9 1401.48" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-25.6189" y="1466.67" width="69.2378" height="9.59985" class="st11"/>
+			<text x="-25.62" y="1473.87" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan
+						class="st12" v:langID="2057">econstructed_from</tspan></text>		</g>
+		<g id="shape1028-120" v:mID="1028" v:groupContext="shape" transform="translate(401.062,-699.545)">
+			<title>Rectangle.1028</title>
+			<desc>file--2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
+						class="st12" v:langID="1033">2</tspan></text>		</g>
+		<g id="shape1029-124" v:mID="1029" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-787.676)">
+			<title>Dynamic connector.1029</title>
+			<desc>source_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1609.14" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st11"/>
+			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1030-131" v:mID="1030" v:groupContext="shape" transform="translate(106.875,-786.751)">
+			<title>Rectangle.1030</title>
+			<desc>software--2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="43.3125" cy="1537.77" width="86.63" height="20.4551"/>
+			<rect x="0" y="1527.54" width="86.625" height="20.4551" class="st3"/>
+			<text x="13.76" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software--2</text>		</g>
+		<g id="shape1031-134" v:mID="1031" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-806.441)">
+			<title>Dynamic connector.1031</title>
+			<desc>browser_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-103.319" cy="1557.46" width="51.65" height="17.6036"/>
+			<path d="M0 1556.54 L-13.5 1556.54 L-13.5 1557.46 L-201.02 1557.46" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-124.137" y="1552.66" width="41.6365" height="9.59985" class="st9"/>
+			<text x="-124.14" y="1559.86" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>browser_ref</text>		</g>
+		<g id="shape1032-141" v:mID="1032" v:groupContext="shape" transform="translate(399.937,-628.772)">
+			<title>Sheet.1032</title>
+			<desc>directory-1</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-1</text>		</g>
+		<g id="shape1033-144" v:mID="1033" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-699.545)">
+			<title>Dynamic connector.1033</title>
+			<desc>parent_directory_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
+			<path d="M9 1548 L9 1591.78" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st11"/>
+			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1034-151" v:mID="1034" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1411.77)">
+			<title>Dynamic connector.1034</title>
+			<desc>contains-refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-216" cy="1946.53" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-216 1548 L-216 2250 L88.52 2250" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-238.832" y="1941.73" width="45.6638" height="9.59985" class="st11"/>
+			<text x="-238.83" y="1948.93" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st12" v:langID="2057">ontains</tspan><tspan class="st12" v:langID="2057">-</tspan><tspan
+						class="st12" v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1035-161" v:mID="1035" v:groupContext="shape" transform="translate(480.375,-1103.84)">
+			<title>Sheet.1035</title>
+			<desc>threat-actor--1</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
+			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
+			<text x="5.42" y="1540.4" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>threat-actor--1</text>		</g>
+		<g id="shape1036-164" v:mID="1036" v:groupContext="shape" transform="translate(480.375,-1171.55)">
+			<title>Sheet.1036</title>
+			<desc>Identity--1</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
+			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
+			<text x="16.75" y="1540.4" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Identity--1    </text>		</g>
+		<g id="shape1037-167" v:mID="1037" v:groupContext="shape" v:layerMember="0" transform="translate(514.687,-1126.24)">
+			<title>Dynamic connector.1037</title>
+			<desc>attributed-to</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1525.35" width="54.11" height="17.6036"/>
+			<path d="M9 1548 L9 1509.23" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-13.0506" y="1520.55" width="44.101" height="9.59985" class="st11"/>
+			<text x="-13.05" y="1527.75" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>attributed-to</text>		</g>
+		<g id="shape1038-174" v:mID="1038" v:groupContext="shape" v:layerMember="0" transform="translate(480.375,-1182.75)">
+			<title>Dynamic connector.1038</title>
+			<desc>related-to</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-19.5088" cy="1631.04" width="44.07" height="17.6036"/>
+			<path d="M0 1548 L-13.5 1548 L-13.5 1631.04 L-108.56 1631.04 L-108.56 1638" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-36.5418" y="1626.25" width="34.0659" height="9.59985" class="st11"/>
+			<text x="-36.54" y="1633.45" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>related-to</text>		</g>
+		<g id="shape1039-181" v:mID="1039" v:groupContext="shape" transform="translate(794.25,-1065.75)">
+			<title>Rectangle.1039</title>
+			<desc>identity--2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
+			<text x="38.27" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>i<tspan class="st12"
+						v:langID="2057">denti</tspan>ty<tspan class="st12" v:langID="2057">--</tspan><tspan class="st12"
+						v:langID="2057">2</tspan></text>		</g>
+		<g id="shape1040-187" v:mID="1040" v:groupContext="shape" v:layerMember="0" transform="translate(708.75,-1066.98)">
+			<title>Dynamic connector.1040</title>
+			<desc>reconstructed_by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="42.75" cy="1539" width="70.95" height="17.6036"/>
+			<path d="M0 1539 L78.96 1539" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="12.2775" y="1534.2" width="60.945" height="9.59985" class="st11"/>
+			<text x="12.28" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan class="st12"
+						v:langID="2057">econstructed_by</tspan></text>		</g>
+		<g id="shape1041-195" v:mID="1041" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-1349.69)">
+			<title>Dynamic connector.1041</title>
+			<desc>secondary_storage_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-71.4375" cy="1539" width="93.91" height="17.6036"/>
+			<path d="M0 1539 L-136.33 1539" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-113.39" y="1534.2" width="83.9056" height="9.59985" class="st9"/>
+			<text x="-113.39" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>secondary_storage_refs</text>		</g>
+		<g id="shape1042-202" v:mID="1042" v:groupContext="shape" transform="translate(783.562,-920.909)">
+			<title>Rectangle.1042</title>
+			<desc>indicator--3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="35.21" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicator--3</text>		</g>
+		<g id="shape1043-205" v:mID="1043" v:groupContext="shape" transform="translate(783.562,-854.292)">
+			<title>Rectangle.1043</title>
+			<desc>observed-data--3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="21.49" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>observed-data--3</text>		</g>
+		<g id="shape1044-208" v:mID="1044" v:groupContext="shape" transform="translate(783.562,-787.676)">
+			<title>Rectangle.1044</title>
+			<desc>x-pnp-evt--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
+			<text x="34.8" y="1541.37" class="st6" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-pnp-evt--1</text>		</g>
+		<g id="shape1045-211" v:mID="1045" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-920.909)">
+			<title>Dynamic connector.1045</title>
+			<desc>based-on</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st11"/>
+			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1046-218" v:mID="1046" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-854.292)">
+			<title>Dynamic connector.1046</title>
+			<desc>object_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st11"/>
+			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st12" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1047-226" v:mID="1047" v:groupContext="shape" transform="translate(783.562,-699.545)">
+			<title>Rectangle.1047</title>
+			<desc>file--4</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
+						class="st12" v:langID="1033">4</tspan></text>		</g>
+		<g id="shape1048-230" v:mID="1048" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-787.676)">
+			<title>Dynamic connector.1048</title>
+			<desc>source_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1609.14" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st11"/>
+			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1049-237" v:mID="1049" v:groupContext="shape" transform="translate(782.437,-628.772)">
+			<title>Sheet.1049</title>
+			<desc>directory-3</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-3</text>		</g>
+		<g id="shape1050-240" v:mID="1050" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-699.545)">
+			<title>Dynamic connector.1050</title>
+			<desc>parent_directory_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
+			<path d="M9 1548 L9 1591.78" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st11"/>
+			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1051-247" v:mID="1051" v:groupContext="shape" v:layerMember="0" transform="translate(839.531,-982.984)">
+			<title>Dynamic connector.1051</title>
+			<desc>indicated-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9.28125" cy="1568.53" width="52.77" height="17.6036"/>
+			<path d="M8.72 1548 L8.72 1561.5 L9.28 1561.5 L9.28 1583.08" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-12.0976" y="1563.73" width="42.7577" height="9.59985" class="st11"/>
+			<text x="-12.1" y="1570.93" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
+		<g id="shape1052-254" v:mID="1052" v:groupContext="shape" transform="translate(595.687,-920.909)">
+			<title>Rectangle.1052</title>
+			<desc>indicator—2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="34.3" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicator—2</text>		</g>
+		<g id="shape1053-257" v:mID="1053" v:groupContext="shape" transform="translate(595.687,-854.292)">
+			<title>Rectangle.1053</title>
+			<desc>observed-data—2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="20.58" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>observed-data—2</text>		</g>
+		<g id="shape1054-260" v:mID="1054" v:groupContext="shape" transform="translate(595.687,-787.676)">
+			<title>Rectangle.1054</title>
+			<desc>x-windows-evt-2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
+			<text x="23.29" y="1541.37" class="st6" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-windows-evt-2</text>		</g>
+		<g id="shape1055-263" v:mID="1055" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-920.909)">
+			<title>Dynamic connector.1055</title>
+			<desc>based-on</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st11"/>
+			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1056-270" v:mID="1056" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-854.292)">
+			<title>Dynamic connector.1056</title>
+			<desc>object_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
+			<path d="M9 1548 L9 1587.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st11"/>
+			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st12" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1057-278" v:mID="1057" v:groupContext="shape" transform="translate(595.687,-699.545)">
+			<title>Rectangle.1057</title>
+			<desc>file--3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
+						class="st12" v:langID="1033">3</tspan></text>		</g>
+		<g id="shape1058-282" v:mID="1058" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-787.676)">
+			<title>Dynamic connector.1058</title>
+			<desc>source_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1609.14" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st11"/>
+			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1059-289" v:mID="1059" v:groupContext="shape" transform="translate(594.562,-628.772)">
+			<title>Sheet.1059</title>
+			<desc>directory-2</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-2</text>		</g>
+		<g id="shape1060-292" v:mID="1060" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-699.545)">
+			<title>Dynamic connector.1060</title>
+			<desc>parent_directory_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
+			<path d="M9 1548 L9 1591.78" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st11"/>
+			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1061-299" v:mID="1061" v:groupContext="shape" v:layerMember="0" transform="translate(783.562,-993.212)">
+			<title>Dynamic connector.1061</title>
+			<desc>indicated-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-87.2363" cy="1548" width="52.77" height="17.6036"/>
+			<path d="M0 1548 L-122.63 1548 L-122.63 1593.31" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-108.615" y="1543.2" width="42.7577" height="9.59985" class="st11"/>
+			<text x="-108.62" y="1550.4" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
+		<g id="shape1062-306" v:mID="1062" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1411.77)">
+			<title>Dynamic connector.1062</title>
+			<desc>contains-refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-252" cy="2043.84" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-252 1548 L-252 2194.77 L-219 2194.77 A3 3 0 0 1 -213 2194.77
+						 L157.31 2194.77 A3 3 0 0 1 163.31 2194.77 L257.62 2194.77 L257.62 2250 L283.15 2250" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-274.832" y="2039.04" width="45.6638" height="9.59985" class="st11"/>
+			<text x="-274.83" y="2046.24" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st12" v:langID="2057">ontains</tspan><tspan class="st12" v:langID="2057">-</tspan><tspan
+						class="st12" v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1063-316" v:mID="1063" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-1411.77)">
+			<title>Dynamic connector.1063</title>
+			<desc>contains-refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="526.5" cy="1843.47" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L204.56 1548 A3 3 0 1 1 210.56 1548 L526.5 1548 L526.5 2250 L484.1 2250" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="503.668" y="1838.67" width="45.6638" height="9.59985" class="st11"/>
+			<text x="503.67" y="1845.87" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st12" v:langID="2057">ontains</tspan><tspan class="st12" v:langID="2057">-</tspan><tspan
+						class="st12" v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1065-326" v:mID="1065" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-1401.54)">
+			<title>Dynamic connector.1065</title>
+			<desc>part-of</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-88.65" cy="1591.4" width="40" height="17.6036"/>
+			<path d="M0 1548 L0 1567.12 L-88.65 1567.12 L-88.65 1700.06 L-71.79 1700.06" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-100.218" y="1586.6" width="23.1364" height="9.59985" class="st9"/>
+			<text x="-100.22" y="1593.8" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>part-of</text>		</g>
+		<g id="shape1066-333" v:mID="1066" v:groupContext="shape" v:layerMember="0" transform="translate(653.062,-1348.47)">
+			<title>Dynamic connector.1066</title>
+			<desc>used-in</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-9" cy="1592.38" width="40" height="17.6036"/>
+			<path d="M-9 1548 L-9 1630.21" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-21.6405" y="1587.58" width="25.2809" height="9.59985" class="st11"/>
+			<text x="-21.64" y="1594.78" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>used-in</text>		</g>
+		<g id="shape1067-340" v:mID="1067" v:groupContext="shape" transform="translate(432,-1305.02)">
+			<title>Rectangle.1067</title>
+			<desc>Identify--3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
+			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
+			<text x="38.31" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Identify--<tspan
+						class="st12" v:langID="1033">3</tspan></text>		</g>
+		<g id="shape1069-344" v:mID="1069" v:groupContext="shape" transform="translate(306,-1185.54)">
+			<title>Rectangle.1069</title>
+			<desc>x-investigation-tool--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="8.36" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigation-tool--1</text>		</g>
+		<g id="shape1070-347" v:mID="1070" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-1239.26)">
+			<title>Dynamic connector.1070</title>
+			<desc>acquired_using_tool_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1564.63" width="94.77" height="17.6036"/>
+			<path d="M9 1548 L9 1574.72" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-33.3827" y="1559.83" width="84.7653" height="9.59985" class="st11"/>
+			<text x="-33.38" y="1567.03" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_using_tool_ref</text>		</g>
+		<g id="shape1071-354" v:mID="1071" v:groupContext="shape" transform="translate(306,-1122.54)">
+			<title>Rectangle.1071</title>
+			<desc>software--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="35.7" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software--1</text>		</g>
+		<g id="shape1072-357" v:mID="1072" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-1185.54)">
+			<title>Dynamic connector.1072</title>
+			<desc>software_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1569.27" width="54.22" height="17.6036"/>
+			<path d="M9 1548 L9 1584" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-13.1034" y="1564.47" width="44.2068" height="9.59985" class="st11"/>
+			<text x="-13.1" y="1571.67" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software_ref</text>		</g>
+		<g id="shape1073-364" v:mID="1073" v:groupContext="shape" transform="translate(162,-911.25)">
+			<title>Rectangle.1073</title>
+			<desc>x-file-visit--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
+			<text x="33.45" y="1541.37" class="st6" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-file-visit<tspan
+						class="st12" v:langID="2057">--</tspan><tspan class="st12" v:langID="2057">1</tspan></text>		</g>
+		<g id="shape1074-369" v:mID="1074" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-864.52)">
+			<title>Dynamic connector.1074</title>
+			<desc>object_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-110.271" cy="1548" width="49.38" height="17.6036"/>
+			<path d="M0 1548 L-173.81 1548 L-173.81 1507.81" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-129.955" y="1543.2" width="39.367" height="9.59985" class="st9"/>
+			<text x="-129.95" y="1550.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object_refs</text>		</g>
+		<g id="shape1075-376" v:mID="1075" v:groupContext="shape" transform="translate(162,-976.295)">
+			<title>Rectangle.1075</title>
+			<desc>file--1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
+			<text x="50.33" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>file--1</text>		</g>
+		<g id="shape1076-379" v:mID="1076" v:groupContext="shape" v:layerMember="0" transform="translate(218.25,-933.75)">
+			<title>Dynamic connector.1076</title>
+			<desc>source-ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="9" cy="1526.73" width="45.23" height="17.6036"/>
+			<path d="M9 1548 L9 1512" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-8.60919" y="1521.93" width="35.2183" height="9.59985" class="st11"/>
+			<text x="-8.61" y="1529.13" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>source-ref</text>		</g>
+		<g id="shape1077-386" v:mID="1077" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1411.77)">
+			<title>Dynamic connector.1077</title>
+			<desc>contains-refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-78.75" cy="1716.14" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-78.75 1548 L-78.75 1956.48" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-101.582" y="1711.34" width="45.6638" height="9.59985" class="st11"/>
+			<text x="-101.58" y="1718.54" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st12" v:langID="2057">ontains</tspan><tspan class="st12" v:langID="2057">-</tspan><tspan
+						class="st12" v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1078-396" v:mID="1078" v:groupContext="shape" v:layerMember="0" transform="translate(595.687,-864.52)">
+			<title>Dynamic connector.1078</title>
+			<desc>object-refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-13.5" cy="1599.87" width="47.43" height="17.6036"/>
+			<path d="M0 1548 L-13.5 1548 L-13.5 1614.62 L-57.58 1614.62" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-32.2128" y="1595.07" width="37.4255" height="9.59985" class="st11"/>
+			<text x="-32.21" y="1602.27" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object-refs</text>		</g>
+		<g id="shape1079-403" v:mID="1079" v:groupContext="shape" transform="translate(1095.75,-1314.99)">
+			<title>Rectangle.1079</title>
+			<desc>Cyber Forensic Domain Object</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1531.26" width="129.38" height="33.4898"/>
+			<rect x="0" y="1514.51" width="129.375" height="33.4898" class="st1"/>
+			<text x="25.57" y="1527.66" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cyber Forensic <tspan
+						x="25.91" dy="1.2em" class="st12">Domain Object</tspan></text>		</g>
+		<g id="shape1080-407" v:mID="1080" v:groupContext="shape" transform="translate(1094.62,-1252.75)">
+			<title>Rectangle.1080</title>
+			<desc>Cyber Forensic Domain Object</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1531.26" width="130.51" height="33.4898"/>
+			<rect x="0" y="1514.51" width="130.5" height="33.4898" class="st5"/>
+			<text x="4.46" y="1527.66" class="st6" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cyber Forensic Domain <tspan
+						x="48.15" dy="1.2em" class="st12">Object</tspan></text>		</g>
+		<g id="shape1081-411" v:mID="1081" v:groupContext="shape" transform="translate(1094.62,-1190.51)">
+			<title>Rectangle.1081</title>
+			<desc>STIX Object</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="64.6875" cy="1531.26" width="129.38" height="33.4898"/>
+			<rect x="0" y="1514.51" width="129.375" height="33.4898" class="st3"/>
+			<text x="34.33" y="1534.86" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>STIX Object</text>		</g>
+		<g id="shape1082-414" v:mID="1082" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1259.72)">
+			<title>Dynamic connector.1082</title>
+			<desc>assigned-to</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-73.6875" cy="1525.35" width="50.59" height="17.6036"/>
+			<path d="M0 1548 L-141.12 1504.61" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-93.9802" y="1520.55" width="40.5854" height="9.59985" class="st11"/>
+			<text x="-93.98" y="1527.75" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>assigned-to</text>		</g>
+		<g id="shape1083-421" v:mID="1083" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-1249.49)">
+			<title>Dynamic connector.1083</title>
+			<desc>invovles</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-23.1702" cy="1575.77" width="40" height="17.6036"/>
+			<path d="M0 1548 L-42.15 1598.51" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-37.2678" y="1570.97" width="28.195" height="9.59985" class="st11"/>
+			<text x="-37.27" y="1578.17" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>invovles</text>		</g>
+		<g id="shape1084-428" v:mID="1084" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-1259.72)">
+			<title>Dynamic connector.1084</title>
+			<desc>acquired_by_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="62.7188" cy="1525.35" width="68.14" height="17.6036"/>
+			<path d="M0 1548 L119.29 1504.91" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="34.6524" y="1520.55" width="56.1327" height="9.59985" class="st11"/>
+			<text x="34.65" y="1527.75" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_by_ref  </text>		</g>
+		<g id="shape1085-435" v:mID="1085" v:groupContext="shape" v:layerMember="0" transform="translate(292.5,-921.478)">
+			<title>Dynamic connector.1085</title>
+			<desc>exploits</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="79.3125" cy="1515.52" width="40" height="17.6036"/>
+			<path d="M0 1548 L79.31 1548 L79.31 1410.27" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="65.4805" y="1510.72" width="27.6638" height="9.59985" class="st11"/>
+			<text x="65.48" y="1517.92" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1086-442" v:mID="1086" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-993.212)">
+			<title>Dynamic connector.1086</title>
+			<desc>exploits</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-29.25" cy="1528.23" width="40" height="17.6036"/>
+			<path d="M0 1548 L-29.25 1548 L-29.25 1485.75" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-43.082" y="1523.43" width="27.6638" height="9.59985" class="st11"/>
+			<text x="-43.08" y="1530.63" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1087-449" v:mID="1087" v:groupContext="shape" transform="translate(295.875,-808.772)">
+			<title>Rectangle.1087</title>
+			<desc>url</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="28.125" cy="1537.77" width="56.26" height="20.4551"/>
+			<rect x="0" y="1527.54" width="56.25" height="20.4551" class="st3"/>
+			<text x="21.2" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url</text>		</g>
+		<g id="shape1088-452" v:mID="1088" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-797.903)">
+			<title>Dynamic connector.1088</title>
+			<desc>url_ref</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-13.9205" cy="1526.9" width="40" height="17.6036"/>
+			<path d="M0 1548 L-13.5 1548 L-13.5 1526.9 L-42.4 1526.9" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-25.3423" y="1522.1" width="22.8439" height="9.59985" class="st11"/>
+			<text x="-25.34" y="1529.3" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url_ref</text>		</g>
+		<g id="shape1089-459" v:mID="1089" v:groupContext="shape" v:layerMember="0" transform="translate(466.312,-854.292)">
+			<title>Dynamic connector.1089</title>
+			<desc>object_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-70.1887" cy="1561.5" width="49.38" height="17.6036"/>
+			<path d="M0 1548 L0 1561.5 L-142.31 1561.5 L-142.31 1566.52" class="st7"/>
+			<rect v:rectContext="textBkgnd" x="-89.8723" y="1556.7" width="39.367" height="9.59985" class="st11"/>
+			<text x="-89.87" y="1563.9" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st12" v:langID="2057">ject_refs</tspan></text>		</g>
+	</g>
+</svg>
diff --git a/STIX_for_digital_forensics/readme.md b/STIX_for_digital_forensics/readme.md
index 1ba3ff2..1c18711 100644
--- a/STIX_for_digital_forensics/readme.md
+++ b/STIX_for_digital_forensics/readme.md
@@ -16,6 +16,8 @@ The xSTIX includes a set of Cyber Forensic Objects (CFOs), customized properties
 
 - **Open Vocabulary extension:** Add vocabulary in the field of cyber forensic investigations.
 
+![CFO graph](CFO_intro.svg)
+
 ## Extension Format
 
 - **CFOs:** We follow the STIX specification for [customizing objects](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_p2sz1mp7z524). The most important rule to create a new object type is that the value of the type property in a Custom Object SHOULD start with “x-” followed by a source unique identifier (like a domain name with dots replaced by hyphens), a hyphen and then the name. For example, x-example-com-customobject.
@@ -333,10 +335,10 @@ An action is one cyber criminal activity performed under a user account. It is a
 
 ### Relationships
 
-| Source   | Relationship Type | Target       | Description                                                                |
-| -------- | ----------------- | ------------ | -------------------------------------------------------------------------- |
-| x-action | traced-back-to    | user-account | This Relationship describes that an action is traced-back-to user-account. |
-| x-action | indicated-by      | indicator    | This Relationship describes that an action is indicated-by of indicator.   |
+| Source   | Relationship Type | Target       | Description                                                             |
+| -------- | ----------------- | ------------ | ----------------------------------------------------------------------- |
+| x-action | exploits          | user-account | This Relationship describes that a Action exploits a User Account.      |
+| x-action | indicated-by      | indicator    | This Relationship describes that a Action is indicated-by of Indicator. |
 
 ## Example: An action that search for anti-forensics tools
 
@@ -387,7 +389,7 @@ An action is one cyber criminal activity performed under a user account. It is a
     "id": "relationship--014841f8-eb38-4673-9904-70f67c92dd8b",
     "created": "2020-01-16T18:52:24.277Z",
     "modified": "2020-01-16T18:52:24.277Z",
-    "relationship_type": "traced-back-to",
+    "relationship_type": "exploits",
     "source_ref": "x-action--87a3e4ee-102c-4cc9-9017-96089a0e0680",
     "target_ref": "user-account--68f0b7d5-f7ab-47d2-8773-739ceb1c11bb"
   },
@@ -470,12 +472,12 @@ A Timeline object describes a specific cybercrime case that is represented by a
 | description        | string                | A description that provides more details and context about a timeline. |
 | reconstructed_from | identifier            | Specifies timeline is reconstructed from a crime case.                 |
 | reconstructed_by   | identifier            | Specifies timeline is reconstructed by an identity.                    |
-| exploits           | identifier            | Specifies timeline exploits a User Account.                            |
 
 ### Relationships
 
-| Source | Relationship Type | Target | Description |
-| ------ | ----------------- | ------ | ----------- |
+| Source     | Relationship Type | Target       | Description                                                          |
+| ---------- | ----------------- | ------------ | -------------------------------------------------------------------- |
+| x-timeline | exploits          | user-account | This Relationship describes that a Timeline exploits a User Account. |
 
 ## Example: data leakage using a UBS
 
@@ -819,10 +821,9 @@ Notes:
 
 ### Relationships
 
-| Source        | Relationship Type | Target           | Description                                                                          |
-| ------------- | ----------------- | ---------------- | ------------------------------------------------------------------------------------ |
-| x-windows-evt | traced-back-to    | user-account     | This Relationship describes that x-windows-evt can be traced back to a user-account. |
-| x-windows-evt | extracted-from    | x-disk-partition | This Relationship describes that x-windows-evt is extracted from x-disk-partition.   |
+| Source        | Relationship Type | Target       | Description                                                               |
+| ------------- | ----------------- | ------------ | ------------------------------------------------------------------------- |
+| x-windows-evt | exploits          | user-account | This Relationship describes that a Windows Event exploits a User Account. |
 
 ### Example 1: describes a "logon" event recorded in the security event file.
 
@@ -874,7 +875,7 @@ Notes:
     "id": "relationship--014841f8-eb38-4673-9904-70f67c92dd8b",
     "created": "2020-01-16T18:52:24.277Z",
     "modified": "2020-01-16T18:52:24.277Z",
-    "relationship_type": "traced-back-to",
+    "relationship_type": "exploits",
     "source_ref": "x-windows-evt--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
     "target_ref": "user-account--0d5b424b-93b8-5cd8-ac36-306e1789d63c"
   }
@@ -921,10 +922,9 @@ A Webpage Visit object represents a visit to a webpage.
 
 ### Relationships
 
-| Source          | Relationship Type | Target           | Description                                                                                       |
-| --------------- | ----------------- | ---------------- | ------------------------------------------------------------------------------------------------- |
-| x-webpage-visit | traced-back-to    | user-account     | This Relationship describes that x-webpage-visit can be traced back to a user-account.            |
-| x-webpage-visit | extracted-from    | x-disk-partition | This Relationship describes that a piece of x-webpage-visit is extracted from a x-disk-partition. |
+| Source          | Relationship Type | Target       | Description                                                               |
+| --------------- | ----------------- | ------------ | ------------------------------------------------------------------------- |
+| x-webpage-visit | exploits          | user-account | This Relationship describes that a Webpage Visit exploits a User Account. |
 
 ### Examples
 
@@ -962,7 +962,7 @@ A Webpage Visit object represents a visit to a webpage.
     "id": "relationship--014841f8-eb38-4673-9904-70f67c92dd8b",
     "created": "2020-01-16T18:52:24.277Z",
     "modified": "2020-01-16T18:52:24.277Z",
-    "relationship_type": "traced-back-to",
+    "relationship_type": "exploits",
     "source_ref": "x-webpage-visit-evidence--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
     "target_ref": "user-account--68f0b7d5-f7ab-47d2-8773-739ceb1c11bb"
   }
@@ -1005,10 +1005,9 @@ Vocabulary Name: x-pnp-message-type-enum
 
 ### Relationships
 
-| Source    | Relationship Type | Target           | Description                                                                        |
-| --------- | ----------------- | ---------------- | ---------------------------------------------------------------------------------- |
-| x-pnp-evt | traced-back-to    | user-account     | This Relationship describes that a x-pnp-evt can be traced back to a user-account. |
-| x-pnp-evt | extracted-from    | x-disk-partition | This Relationship describes that a x-pnp-evt is extracted from a x-disk-partition. |
+| Source    | Relationship Type | Target       | Description                                                           |
+| --------- | ----------------- | ------------ | --------------------------------------------------------------------- |
+| x-pnp-evt | exploits          | user-account | This Relationship describes that a pnp Event exploits a user-account. |
 
 ### Examples
 
@@ -1096,10 +1095,9 @@ A File Visit object represents properties that are associated with a file/direct
 
 ### Relationships
 
-| Source       | Relationship Type | Target           | Description                                                                           |
-| ------------ | ----------------- | ---------------- | ------------------------------------------------------------------------------------- |
-| x-file-visit | traced-back-to    | user-account     | This Relationship describes that a x-file-visit can be traced back to a user-account. |
-| x-file-visit | extracted-from    | x-disk-partition | This Relationship describes that a x-file-visit is extracted from a x-disk-partition. |
+| Source       | Relationship Type | Target       | Description                                                            |
+| ------------ | ----------------- | ------------ | ---------------------------------------------------------------------- |
+| x-file-visit | exploits          | user-account | This Relationship describes that a File Visit exploits a User Account. |
 
 ### RecentFileCache