From be512a064e41d91a4c2b9852715c2da0ac1f81fe Mon Sep 17 00:00:00 2001
From: Frank Xu <frank.w.xu@gmail.com>
Date: Sun, 14 Feb 2021 21:42:40 -0500
Subject: [PATCH] add investigation tools to evidence

---
 STIX_for_digital_forensics/CFO_intro.svg | 626 ++++++++++++++---------
 STIX_for_digital_forensics/readme.md     |  80 +--
 2 files changed, 419 insertions(+), 287 deletions(-)

diff --git a/STIX_for_digital_forensics/CFO_intro.svg b/STIX_for_digital_forensics/CFO_intro.svg
index acc3ec2..f98cda1 100644
--- a/STIX_for_digital_forensics/CFO_intro.svg
+++ b/STIX_for_digital_forensics/CFO_intro.svg
@@ -3,7 +3,7 @@
 <!-- Generated by Microsoft Visio, SVG Export CFO_intro.svg Page-1 -->
 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
 		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="16.5in" height="21.5in" viewBox="0 0 1188 1548"
-		xml:space="preserve" color-interpolation-filters="sRGB" class="st12">
+		xml:space="preserve" color-interpolation-filters="sRGB" class="st13">
 	<v:documentProperties v:langID="1033" v:viewMarkup="false">
 		<v:userDefs>
 			<v:ud v:nameU="msvNoAutoConnect" v:val="VT0(1):26"/>
@@ -18,12 +18,13 @@
 		.st4 {fill:#004b74;font-family:Franklin Gothic Demi;font-size:1.00001em}
 		.st5 {fill:#ffffff;stroke:#00bc74;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
 		.st6 {fill:#00653e;font-family:Franklin Gothic Demi;font-size:1.00001em}
-		.st7 {marker-end:url(#mrkr4-42);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
-		.st8 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514}
-		.st9 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
-		.st10 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em}
-		.st11 {font-size:1em}
-		.st12 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+		.st7 {font-size:1em}
+		.st8 {marker-end:url(#mrkr4-45);stroke:#008cd8;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+		.st9 {fill:#008cd8;fill-opacity:1;stroke:#008cd8;stroke-opacity:1;stroke-width:0.22935779816514}
+		.st10 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st11 {fill:#002f49;font-family:Franklin Gothic Demi;font-size:0.666664em}
+		.st12 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st13 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
 	]]>
 	</style>
 
@@ -31,7 +32,7 @@
 		<g id="lend4">
 			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
 		</g>
-		<marker id="mrkr4-42" class="st8" v:arrowType="4" v:arrowSize="2" v:setback="8.72" refX="-8.72" orient="auto"
+		<marker id="mrkr4-45" class="st9" v:arrowType="4" v:arrowSize="2" v:setback="8.72" refX="-8.72" orient="auto"
 				markerUnits="strokeWidth" overflow="visible">
 			<use xlink:href="#lend4" transform="scale(-4.36,-4.36) "/>
 		</marker>
@@ -43,7 +44,7 @@
 		<title>Page-1</title>
 		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="19" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
 		<v:layer v:name="Connector" v:index="0"/>
-		<g id="shape3-1" v:mID="3" v:groupContext="shape" transform="translate(306,-1124.37)">
+		<g id="shape3-1" v:mID="3" v:groupContext="shape" transform="translate(306,-1197)">
 			<title>Rectangle</title>
 			<desc>x-disk-partition--1</desc>
 			<v:userDefs>
@@ -65,14 +66,14 @@
 			<text x="5.71" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-secondary-storage--1</text>		</g>
 		<g id="shape5-7" v:mID="5" v:groupContext="shape" transform="translate(306,-962.089)">
 			<title>Rectangle.5</title>
-			<desc>x-disk-image--1</desc>
+			<desc>x-image--1</desc>
 			<v:userDefs>
 				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
 			</v:userDefs>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
-			<text x="25.36" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-disk-image--1</text>		</g>
+			<text x="37.82" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-image--1</text>		</g>
 		<g id="shape1000-10" v:mID="1000" v:groupContext="shape" transform="translate(401.062,-705.812)">
 			<title>Rectangle.1000</title>
 			<desc>x-action--1</desc>
@@ -155,23 +156,24 @@
 			<text x="37.05" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-action--2</text>		</g>
 		<g id="shape1009-34" v:mID="1009" v:groupContext="shape" transform="translate(794.25,-962.089)">
 			<title>Rectangle.1009</title>
-			<desc>x-memory- image—1</desc>
+			<desc>x-image—2</desc>
 			<v:userDefs>
 				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
 			</v:userDefs>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st1"/>
-			<text x="12.24" y="1541.37" class="st2" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-memory- image—1</text>		</g>
-		<g id="shape1011-37" v:mID="1011" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-963.317)">
+			<text x="36.35" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x<tspan class="st7"
+						v:langID="2057">-</tspan><tspan class="st7" v:langID="2057">image</tspan><tspan class="st7" v:langID="2057">—</tspan>2</text>		</g>
+		<g id="shape1011-40" v:mID="1011" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-963.317)">
 			<title>Dynamic connector.1011</title>
-			<desc>evidence_of</desc>
+			<desc>evidence-of</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="71.4375" cy="1539" width="52.21" height="17.6036"/>
-			<path d="M0 1539 L136.33 1539" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="50.336" y="1534.2" width="42.2029" height="9.59985" class="st9"/>
-			<text x="50.34" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence_of</text>		</g>
-		<g id="shape1012-45" v:mID="1012" v:groupContext="shape" transform="translate(307.125,-788.579)">
+			<v:textRect cx="71.4375" cy="1539" width="50.27" height="17.6036"/>
+			<path d="M0 1539 L136.33 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="51.3068" y="1534.2" width="40.2613" height="9.59985" class="st10"/>
+			<text x="51.31" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence-of</text>		</g>
+		<g id="shape1012-48" v:mID="1012" v:groupContext="shape" transform="translate(307.125,-788.579)">
 			<title>Rectangle.1012</title>
 			<desc>user-account --1</desc>
 			<v:userDefs>
@@ -181,89 +183,90 @@
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
 			<text x="22.41" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>user-account --1</text>		</g>
-		<g id="shape1013-48" v:mID="1013" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-789.806)">
+		<g id="shape1013-51" v:mID="1013" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-789.806)">
 			<title>Dynamic connector.1013</title>
 			<desc>exploits</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-71.4375" cy="1539" width="40" height="17.6036"/>
-			<path d="M0 1539 L-136.33 1539" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-85.2695" y="1534.2" width="27.6638" height="9.59985" class="st9"/>
-			<text x="-85.27" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
-		<g id="shape1014-55" v:mID="1014" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-788.579)">
+			<path d="M0 1539 L-136.33 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-85.2695" y="1534.2" width="27.6638" height="9.59985" class="st10"/>
+			<text x="-85.27" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1014-58" v:mID="1014" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-788.579)">
 			<title>Dynamic connector.1014</title>
 			<desc>action_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-81.7906" cy="1586.24" width="49.44" height="17.6036"/>
-			<path d="M0 1548 L0 1586.24 L-177.75 1586.24 L-177.75 1603.77" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-101.505" y="1581.44" width="39.4297" height="9.59985" class="st9"/>
-			<text x="-101.51" y="1588.64" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
-		<g id="shape1017-62" v:mID="1017" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-705.812)">
+			<path d="M0 1548 L0 1586.24 L-177.75 1586.24 L-177.75 1603.77" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-101.505" y="1581.44" width="39.4297" height="9.59985" class="st10"/>
+			<text x="-101.51" y="1588.64" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
+		<g id="shape1017-65" v:mID="1017" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-705.812)">
 			<title>Dynamic connector.1017</title>
 			<desc>Indicated-by</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1568.81" width="52.96" height="17.6036"/>
-			<path d="M9 1548 L9 1583.08" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-12.4765" y="1564.01" width="42.953" height="9.59985" class="st9"/>
-			<text x="-12.48" y="1571.21" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Indicated-by</text>		</g>
-		<g id="shape1018-69" v:mID="1018" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-643.737)">
+			<path d="M9 1548 L9 1583.08" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-12.4765" y="1564.01" width="42.953" height="9.59985" class="st10"/>
+			<text x="-12.48" y="1571.21" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Indicated-by</text>		</g>
+		<g id="shape1018-72" v:mID="1018" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-643.737)">
 			<title>Dynamic connector.1018</title>
 			<desc>based-on</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st9"/>
-			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
-		<g id="shape1019-76" v:mID="1019" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-577.12)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st10"/>
+			<text x="-6.9" y="1573.48" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1019-79" v:mID="1019" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-577.12)">
 			<title>Dynamic connector.1019</title>
 			<desc>object_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st9"/>
-			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
-						class="st11" v:langID="2057">ject_refs</tspan></text>		</g>
-		<g id="shape1021-84" v:mID="1021" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-982.544)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st10"/>
+			<text x="-10.68" y="1573.48" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st7" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1021-87" v:mID="1021" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-982.544)">
 			<title>Dynamic connector.1021</title>
 			<desc>image-of</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1503.62" width="40.66" height="17.6036"/>
-			<path d="M9 1548 L9 1465.79" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-6.32417" y="1498.83" width="30.6483" height="9.59985" class="st9"/>
-			<text x="-6.32" y="1506.03" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>image-of</text>		</g>
-		<g id="shape1024-91" v:mID="1024" v:groupContext="shape" v:layerMember="0" transform="translate(794.25,-963.317)">
+			<path d="M9 1548 L9 1465.79" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-6.32417" y="1498.83" width="30.6483" height="9.59985" class="st10"/>
+			<text x="-6.32" y="1506.03" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>image-of</text>		</g>
+		<g id="shape1024-94" v:mID="1024" v:groupContext="shape" v:layerMember="0" transform="translate(794.25,-963.317)">
 			<title>Dynamic connector.1024</title>
 			<desc>evidence-of</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-42.75" cy="1539" width="50.27" height="17.6036"/>
-			<path d="M0 1539 L-78.96 1539" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-62.8807" y="1534.2" width="40.2613" height="9.59985" class="st9"/>
-			<text x="-62.88" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence-of</text>		</g>
-		<g id="shape1025-98" v:mID="1025" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-788.579)">
+			<path d="M0 1539 L-78.96 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-62.8807" y="1534.2" width="40.2613" height="9.59985" class="st10"/>
+			<text x="-62.88" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>evidence-of</text>		</g>
+		<g id="shape1025-101" v:mID="1025" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-788.579)">
 			<title>Dynamic connector.1025</title>
 			<desc>action_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="95.0094" cy="1586.24" width="49.44" height="17.6036"/>
-			<path d="M0 1548 L0 1586.24 L204.19 1586.24 L204.19 1603.77" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="75.2945" y="1581.44" width="39.4297" height="9.59985" class="st9"/>
-			<text x="75.29" y="1588.64" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
-		<g id="shape1026-105" v:mID="1026" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1091.75)">
+			<path d="M0 1548 L0 1586.24 L204.19 1586.24 L204.19 1603.77" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="75.2945" y="1581.44" width="39.4297" height="9.59985" class="st10"/>
+			<text x="75.29" y="1588.64" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>action_refs</text>		</g>
+		<g id="shape1026-108" v:mID="1026" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-1091.75)">
 			<title>Dynamic connector.1026</title>
 			<desc>has</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-269.136" cy="1467.92" width="40" height="17.6036"/>
-			<path d="M0 1548 L0 1467.92 L-380.61 1467.92 L-380.61 1840.94 L-343.48 1840.94" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-275.37" y="1463.12" width="12.4684" height="9.59985" class="st9"/>
-			<text x="-275.37" y="1470.32" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>has</text>		</g>
-		<g id="shape1027-112" v:mID="1027" v:groupContext="shape" v:layerMember="0" transform="translate(635.062,-809.034)">
+			<path d="M0 1548 L0 1467.92 L-269.81 1467.92 A3 3 -180 0 0 -275.81 1467.92 L-380.61 1467.92 L-380.61 1840.94 L-343.48
+						 1840.94" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-275.37" y="1463.12" width="12.4684" height="9.59985" class="st10"/>
+			<text x="-275.37" y="1470.32" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>has</text>		</g>
+		<g id="shape1027-115" v:mID="1027" v:groupContext="shape" v:layerMember="0" transform="translate(635.062,-809.034)">
 			<title>Dynamic connector.1027</title>
 			<desc>reconstructed_from</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1471.47" width="79.25" height="17.6036"/>
-			<path d="M9 1548 L9 1401.48" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-25.6189" y="1466.67" width="69.2378" height="9.59985" class="st9"/>
-			<text x="-25.62" y="1473.87" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan
-						class="st11" v:langID="2057">econstructed_from</tspan></text>		</g>
-		<g id="shape1028-120" v:mID="1028" v:groupContext="shape" transform="translate(401.062,-422.372)">
+			<path d="M9 1548 L9 1401.48" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-25.6189" y="1466.67" width="69.2378" height="9.59985" class="st10"/>
+			<text x="-25.62" y="1473.87" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan
+						class="st7" v:langID="2057">econstructed_from</tspan></text>		</g>
+		<g id="shape1028-123" v:mID="1028" v:groupContext="shape" transform="translate(401.062,-357.545)">
 			<title>Rectangle.1028</title>
 			<desc>file--2</desc>
 			<v:userDefs>
@@ -273,16 +276,16 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
-						class="st11" v:langID="1033">2</tspan></text>		</g>
-		<g id="shape1029-124" v:mID="1029" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-510.503)">
+						class="st7" v:langID="1033">2</tspan></text>		</g>
+		<g id="shape1029-127" v:mID="1029" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-510.503)">
 			<title>Dynamic connector.1029</title>
 			<desc>source_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
-			<path d="M9 1548 L9 1609.14" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st9"/>
-			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
-		<g id="shape1030-131" v:mID="1030" v:groupContext="shape" transform="translate(106.875,-509.579)">
+			<v:textRect cx="9" cy="1614.25" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1673.96" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1609.45" width="37.1599" height="9.59985" class="st10"/>
+			<text x="-9.58" y="1616.65" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1030-134" v:mID="1030" v:groupContext="shape" transform="translate(106.875,-509.579)">
 			<title>Rectangle.1030</title>
 			<desc>software--2</desc>
 			<v:userDefs>
@@ -292,70 +295,70 @@
 			<v:textRect cx="43.3125" cy="1537.77" width="86.63" height="20.4551"/>
 			<rect x="0" y="1527.54" width="86.625" height="20.4551" class="st3"/>
 			<text x="13.76" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software--2</text>		</g>
-		<g id="shape1031-134" v:mID="1031" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-529.269)">
+		<g id="shape1031-137" v:mID="1031" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-529.269)">
 			<title>Dynamic connector.1031</title>
 			<desc>browser_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-103.319" cy="1557.46" width="51.65" height="17.6036"/>
-			<path d="M0 1556.54 L-13.5 1556.54 L-13.5 1557.46 L-201.02 1557.46" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-124.137" y="1552.66" width="41.6365" height="9.59985" class="st9"/>
-			<text x="-124.14" y="1559.86" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>browser_ref</text>		</g>
-		<g id="shape1032-141" v:mID="1032" v:groupContext="shape" transform="translate(399.937,-351.6)">
+			<path d="M0 1556.54 L-13.5 1556.54 L-13.5 1557.46 L-201.02 1557.46" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-124.137" y="1552.66" width="41.6365" height="9.59985" class="st10"/>
+			<text x="-124.14" y="1559.86" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>browser_ref</text>		</g>
+		<g id="shape1032-144" v:mID="1032" v:groupContext="shape" transform="translate(399.937,-286.772)">
 			<title>Sheet.1032</title>
 			<desc>directory-1</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-1</text>		</g>
-		<g id="shape1033-144" v:mID="1033" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-422.372)">
+		<g id="shape1033-147" v:mID="1033" v:groupContext="shape" v:layerMember="0" transform="translate(457.312,-357.545)">
 			<title>Dynamic connector.1033</title>
 			<desc>parent_directory_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
-			<path d="M9 1548 L9 1591.78" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st9"/>
-			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
-		<g id="shape1034-151" v:mID="1034" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1134.6)">
+			<path d="M9 1548 L9 1591.78" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st12"/>
+			<text x="-26.77" y="1575.56" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1034-154" v:mID="1034" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1207.23)">
 			<title>Dynamic connector.1034</title>
 			<desc>contains-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-216" cy="1946.53" width="55.67" height="17.6036"/>
-			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-216 1548 L-216 2250 L88.52 2250" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-238.832" y="1941.73" width="45.6638" height="9.59985" class="st9"/>
-			<text x="-238.83" y="1948.93" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
-						class="st11" v:langID="2057">ontains</tspan><tspan class="st11" v:langID="2057">-</tspan><tspan
-						class="st11" v:langID="2057">refs</tspan></text>		</g>
-		<g id="shape1035-161" v:mID="1035" v:groupContext="shape" transform="translate(480.375,-826.665)">
+			<v:textRect cx="-216" cy="2015.26" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-216 1548 L-216 2387.46 L88.52 2387.46" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-238.832" y="2010.46" width="45.6638" height="9.59985" class="st12"/>
+			<text x="-238.83" y="2017.66" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st7" v:langID="2057">ontains</tspan><tspan class="st7" v:langID="2057">-</tspan><tspan class="st7"
+						v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1035-164" v:mID="1035" v:groupContext="shape" transform="translate(480.375,-826.665)">
 			<title>Sheet.1035</title>
 			<desc>threat-actor--1</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
 			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
 			<text x="5.42" y="1540.4" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>threat-actor--1</text>		</g>
-		<g id="shape1036-164" v:mID="1036" v:groupContext="shape" transform="translate(480.375,-894.377)">
+		<g id="shape1036-167" v:mID="1036" v:groupContext="shape" transform="translate(480.375,-894.377)">
 			<title>Sheet.1036</title>
 			<desc>Identity--1</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
 			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
 			<text x="16.75" y="1540.4" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Identity--1    </text>		</g>
-		<g id="shape1037-167" v:mID="1037" v:groupContext="shape" v:layerMember="0" transform="translate(514.687,-849.069)">
+		<g id="shape1037-170" v:mID="1037" v:groupContext="shape" v:layerMember="0" transform="translate(514.687,-849.069)">
 			<title>Dynamic connector.1037</title>
 			<desc>attributed-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1525.35" width="54.11" height="17.6036"/>
-			<path d="M9 1548 L9 1509.23" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-13.0506" y="1520.55" width="44.101" height="9.59985" class="st9"/>
-			<text x="-13.05" y="1527.75" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>attributed-to</text>		</g>
-		<g id="shape1038-174" v:mID="1038" v:groupContext="shape" v:layerMember="0" transform="translate(480.375,-905.579)">
+			<path d="M9 1548 L9 1509.23" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-13.0506" y="1520.55" width="44.101" height="9.59985" class="st10"/>
+			<text x="-13.05" y="1527.75" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>attributed-to</text>		</g>
+		<g id="shape1038-177" v:mID="1038" v:groupContext="shape" v:layerMember="0" transform="translate(480.375,-905.579)">
 			<title>Dynamic connector.1038</title>
 			<desc>related-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-19.5088" cy="1631.04" width="44.07" height="17.6036"/>
-			<path d="M0 1548 L-13.5 1548 L-13.5 1631.04 L-108.56 1631.04 L-108.56 1638" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-36.5418" y="1626.25" width="34.0659" height="9.59985" class="st9"/>
-			<text x="-36.54" y="1633.45" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>related-to</text>		</g>
-		<g id="shape1039-181" v:mID="1039" v:groupContext="shape" transform="translate(794.25,-788.579)">
+			<path d="M0 1548 L-13.5 1548 L-13.5 1631.04 L-108.56 1631.04 L-108.56 1638" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-36.5418" y="1626.25" width="34.0659" height="9.59985" class="st10"/>
+			<text x="-36.54" y="1633.45" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>related-to</text>		</g>
+		<g id="shape1039-184" v:mID="1039" v:groupContext="shape" transform="translate(794.25,-788.579)">
 			<title>Rectangle.1039</title>
 			<desc>identity--2</desc>
 			<v:userDefs>
@@ -364,27 +367,27 @@
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
-			<text x="38.27" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>i<tspan class="st11"
-						v:langID="2057">denti</tspan>ty<tspan class="st11" v:langID="2057">--</tspan><tspan class="st11"
+			<text x="38.27" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>i<tspan class="st7"
+						v:langID="2057">denti</tspan>ty<tspan class="st7" v:langID="2057">--</tspan><tspan class="st7"
 						v:langID="2057">2</tspan></text>		</g>
-		<g id="shape1040-187" v:mID="1040" v:groupContext="shape" v:layerMember="0" transform="translate(708.75,-789.806)">
+		<g id="shape1040-190" v:mID="1040" v:groupContext="shape" v:layerMember="0" transform="translate(708.75,-789.806)">
 			<title>Dynamic connector.1040</title>
 			<desc>reconstructed_by</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="42.75" cy="1539" width="70.95" height="17.6036"/>
-			<path d="M0 1539 L78.96 1539" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="12.2775" y="1534.2" width="60.945" height="9.59985" class="st9"/>
-			<text x="12.28" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan class="st11"
+			<path d="M0 1539 L78.96 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="12.2775" y="1534.2" width="60.945" height="9.59985" class="st10"/>
+			<text x="12.28" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>r<tspan class="st7"
 						v:langID="2057">econstructed_by</tspan></text>		</g>
-		<g id="shape1041-195" v:mID="1041" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-1072.52)">
+		<g id="shape1041-198" v:mID="1041" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-1072.52)">
 			<title>Dynamic connector.1041</title>
 			<desc>secondary_storage_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-71.4375" cy="1539" width="93.91" height="17.6036"/>
-			<path d="M0 1539 L-136.33 1539" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-113.39" y="1534.2" width="83.9056" height="9.59985" class="st9"/>
-			<text x="-113.39" y="1541.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>secondary_storage_refs</text>		</g>
-		<g id="shape1042-202" v:mID="1042" v:groupContext="shape" transform="translate(783.562,-643.737)">
+			<path d="M0 1539 L-136.33 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-113.39" y="1534.2" width="83.9056" height="9.59985" class="st10"/>
+			<text x="-113.39" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>secondary_storage_refs</text>		</g>
+		<g id="shape1042-205" v:mID="1042" v:groupContext="shape" transform="translate(783.562,-643.737)">
 			<title>Rectangle.1042</title>
 			<desc>indicator--3</desc>
 			<v:userDefs>
@@ -394,7 +397,7 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="35.21" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicator--3</text>		</g>
-		<g id="shape1043-205" v:mID="1043" v:groupContext="shape" transform="translate(783.562,-577.12)">
+		<g id="shape1043-208" v:mID="1043" v:groupContext="shape" transform="translate(783.562,-577.12)">
 			<title>Rectangle.1043</title>
 			<desc>observed-data--3</desc>
 			<v:userDefs>
@@ -404,7 +407,7 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="21.49" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>observed-data--3</text>		</g>
-		<g id="shape1044-208" v:mID="1044" v:groupContext="shape" transform="translate(783.562,-510.503)">
+		<g id="shape1044-211" v:mID="1044" v:groupContext="shape" transform="translate(783.562,-510.503)">
 			<title>Rectangle.1044</title>
 			<desc>x-pnp-evt--1</desc>
 			<v:userDefs>
@@ -414,24 +417,24 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
 			<text x="34.8" y="1541.37" class="st6" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-pnp-evt--1</text>		</g>
-		<g id="shape1045-211" v:mID="1045" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-643.737)">
+		<g id="shape1045-214" v:mID="1045" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-643.737)">
 			<title>Dynamic connector.1045</title>
 			<desc>based-on</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st9"/>
-			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
-		<g id="shape1046-218" v:mID="1046" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-577.12)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st10"/>
+			<text x="-6.9" y="1573.48" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1046-221" v:mID="1046" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-577.12)">
 			<title>Dynamic connector.1046</title>
 			<desc>object_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st9"/>
-			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
-						class="st11" v:langID="2057">ject_refs</tspan></text>		</g>
-		<g id="shape1047-226" v:mID="1047" v:groupContext="shape" transform="translate(783.562,-422.372)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st10"/>
+			<text x="-10.68" y="1573.48" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st7" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1047-229" v:mID="1047" v:groupContext="shape" transform="translate(783.562,-357.545)">
 			<title>Rectangle.1047</title>
 			<desc>file--4</desc>
 			<v:userDefs>
@@ -441,39 +444,39 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
-						class="st11" v:langID="1033">4</tspan></text>		</g>
-		<g id="shape1048-230" v:mID="1048" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-510.503)">
+						class="st7" v:langID="1033">4</tspan></text>		</g>
+		<g id="shape1048-233" v:mID="1048" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-510.503)">
 			<title>Dynamic connector.1048</title>
 			<desc>source_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
-			<path d="M9 1548 L9 1609.14" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st9"/>
-			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
-		<g id="shape1049-237" v:mID="1049" v:groupContext="shape" transform="translate(782.437,-351.6)">
+			<v:textRect cx="9" cy="1614.25" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1673.96" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1609.45" width="37.1599" height="9.59985" class="st10"/>
+			<text x="-9.58" y="1616.65" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1049-240" v:mID="1049" v:groupContext="shape" transform="translate(782.437,-286.772)">
 			<title>Sheet.1049</title>
 			<desc>directory-3</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-3</text>		</g>
-		<g id="shape1050-240" v:mID="1050" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-422.372)">
+		<g id="shape1050-243" v:mID="1050" v:groupContext="shape" v:layerMember="0" transform="translate(839.812,-357.545)">
 			<title>Dynamic connector.1050</title>
 			<desc>parent_directory_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
-			<path d="M9 1548 L9 1591.78" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st9"/>
-			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
-		<g id="shape1051-247" v:mID="1051" v:groupContext="shape" v:layerMember="0" transform="translate(839.531,-705.812)">
+			<path d="M9 1548 L9 1591.78" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st10"/>
+			<text x="-26.77" y="1575.56" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1051-250" v:mID="1051" v:groupContext="shape" v:layerMember="0" transform="translate(839.531,-705.812)">
 			<title>Dynamic connector.1051</title>
 			<desc>indicated-by</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9.28125" cy="1568.53" width="52.77" height="17.6036"/>
-			<path d="M8.72 1548 L8.72 1561.5 L9.28 1561.5 L9.28 1583.08" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-12.0976" y="1563.73" width="42.7577" height="9.59985" class="st9"/>
-			<text x="-12.1" y="1570.93" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
-		<g id="shape1052-254" v:mID="1052" v:groupContext="shape" transform="translate(595.687,-643.737)">
+			<path d="M8.72 1548 L8.72 1561.5 L9.28 1561.5 L9.28 1583.08" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-12.0976" y="1563.73" width="42.7577" height="9.59985" class="st10"/>
+			<text x="-12.1" y="1570.93" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
+		<g id="shape1052-257" v:mID="1052" v:groupContext="shape" transform="translate(595.687,-643.737)">
 			<title>Rectangle.1052</title>
 			<desc>indicator—2</desc>
 			<v:userDefs>
@@ -483,7 +486,7 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="34.3" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicator—2</text>		</g>
-		<g id="shape1053-257" v:mID="1053" v:groupContext="shape" transform="translate(595.687,-577.12)">
+		<g id="shape1053-260" v:mID="1053" v:groupContext="shape" transform="translate(595.687,-577.12)">
 			<title>Rectangle.1053</title>
 			<desc>observed-data—2</desc>
 			<v:userDefs>
@@ -493,7 +496,7 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="20.58" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>observed-data—2</text>		</g>
-		<g id="shape1054-260" v:mID="1054" v:groupContext="shape" transform="translate(595.687,-510.503)">
+		<g id="shape1054-263" v:mID="1054" v:groupContext="shape" transform="translate(595.687,-510.503)">
 			<title>Rectangle.1054</title>
 			<desc>x-windows-evt-2</desc>
 			<v:userDefs>
@@ -503,24 +506,24 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
 			<text x="23.29" y="1541.37" class="st6" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>x-windows-evt-2</text>		</g>
-		<g id="shape1055-263" v:mID="1055" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-643.737)">
+		<g id="shape1055-266" v:mID="1055" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-643.737)">
 			<title>Dynamic connector.1055</title>
 			<desc>based-on</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="41.81" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st9"/>
-			<text x="-6.9" y="1573.48" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
-		<g id="shape1056-270" v:mID="1056" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-577.12)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-6.89821" y="1566.28" width="31.7964" height="9.59985" class="st10"/>
+			<text x="-6.9" y="1573.48" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>based-on</text>		</g>
+		<g id="shape1056-273" v:mID="1056" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-577.12)">
 			<title>Dynamic connector.1056</title>
 			<desc>object_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1571.08" width="49.38" height="17.6036"/>
-			<path d="M9 1548 L9 1587.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st9"/>
-			<text x="-10.68" y="1573.48" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
-						class="st11" v:langID="2057">ject_refs</tspan></text>		</g>
-		<g id="shape1057-278" v:mID="1057" v:groupContext="shape" transform="translate(595.687,-422.372)">
+			<path d="M9 1548 L9 1587.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-10.6835" y="1566.28" width="39.367" height="9.59985" class="st10"/>
+			<text x="-10.68" y="1573.48" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st7" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1057-281" v:mID="1057" v:groupContext="shape" transform="translate(595.687,-357.545)">
 			<title>Rectangle.1057</title>
 			<desc>file--3</desc>
 			<v:userDefs>
@@ -530,76 +533,76 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="50.33" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>file--<tspan
-						class="st11" v:langID="1033">3</tspan></text>		</g>
-		<g id="shape1058-282" v:mID="1058" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-510.503)">
+						class="st7" v:langID="1033">3</tspan></text>		</g>
+		<g id="shape1058-285" v:mID="1058" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-510.503)">
 			<title>Dynamic connector.1058</title>
 			<desc>source_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="9" cy="1581.84" width="47.17" height="17.6036"/>
-			<path d="M9 1548 L9 1609.14" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-9.57997" y="1577.04" width="37.1599" height="9.59985" class="st9"/>
-			<text x="-9.58" y="1584.24" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
-		<g id="shape1059-289" v:mID="1059" v:groupContext="shape" transform="translate(594.562,-351.6)">
+			<v:textRect cx="9" cy="1614.25" width="47.17" height="17.6036"/>
+			<path d="M9 1548 L9 1673.96" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-9.57997" y="1609.45" width="37.1599" height="9.59985" class="st10"/>
+			<text x="-9.58" y="1616.65" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>source_ref</text>		</g>
+		<g id="shape1059-292" v:mID="1059" v:groupContext="shape" transform="translate(594.562,-286.772)">
 			<title>Sheet.1059</title>
 			<desc>directory-2</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="36.92" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>directory-2</text>		</g>
-		<g id="shape1060-292" v:mID="1060" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-422.372)">
+		<g id="shape1060-295" v:mID="1060" v:groupContext="shape" v:layerMember="0" transform="translate(651.937,-357.545)">
 			<title>Dynamic connector.1060</title>
 			<desc>parent_directory_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1573.16" width="81.55" height="17.6036"/>
-			<path d="M9 1548 L9 1591.78" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st9"/>
-			<text x="-26.77" y="1575.56" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
-		<g id="shape1061-299" v:mID="1061" v:groupContext="shape" v:layerMember="0" transform="translate(783.562,-716.039)">
+			<path d="M9 1548 L9 1591.78" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-26.7695" y="1568.36" width="71.5388" height="9.59985" class="st10"/>
+			<text x="-26.77" y="1575.56" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>parent_directory_ref</text>		</g>
+		<g id="shape1061-302" v:mID="1061" v:groupContext="shape" v:layerMember="0" transform="translate(783.562,-716.039)">
 			<title>Dynamic connector.1061</title>
 			<desc>indicated-by</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-87.2363" cy="1548" width="52.77" height="17.6036"/>
-			<path d="M0 1548 L-122.63 1548 L-122.63 1593.31" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-108.615" y="1543.2" width="42.7577" height="9.59985" class="st9"/>
-			<text x="-108.62" y="1550.4" class="st10" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
-		<g id="shape1062-306" v:mID="1062" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1134.6)">
+			<path d="M0 1548 L-122.63 1548 L-122.63 1593.31" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-108.615" y="1543.2" width="42.7577" height="9.59985" class="st10"/>
+			<text x="-108.62" y="1550.4" class="st11" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>indicated-by</text>		</g>
+		<g id="shape1062-309" v:mID="1062" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1207.23)">
 			<title>Dynamic connector.1062</title>
 			<desc>contains-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-252" cy="2043.84" width="55.67" height="17.6036"/>
-			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-252 1548 L-252 2194.77 L-219 2194.77 A3 3 0 0 1 -213 2194.77
-						 L157.31 2194.77 A3 3 0 0 1 163.31 2194.77 L257.62 2194.77 L257.62 2250 L283.15 2250" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-274.832" y="2039.04" width="45.6638" height="9.59985" class="st9"/>
-			<text x="-274.83" y="2046.24" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
-						class="st11" v:langID="2057">ontains</tspan><tspan class="st11" v:langID="2057">-</tspan><tspan
-						class="st11" v:langID="2057">refs</tspan></text>		</g>
-		<g id="shape1063-316" v:mID="1063" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-1134.6)">
+			<v:textRect cx="-252" cy="2112.57" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-252 1548 L-252 2341.23 L-219 2341.23 A3 3 0 0 1 -213 2341.23 L157.31 2341.23 A3 3 0 0 1 163.31 2341.23
+						 L257.62 2341.23 L257.62 2387.46 L283.15 2387.46" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-274.832" y="2107.77" width="45.6638" height="9.59985" class="st10"/>
+			<text x="-274.83" y="2114.97" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st7" v:langID="2057">ontains</tspan><tspan class="st7" v:langID="2057">-</tspan><tspan class="st7"
+						v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1063-319" v:mID="1063" v:groupContext="shape" v:layerMember="0" transform="translate(436.5,-1207.23)">
 			<title>Dynamic connector.1063</title>
 			<desc>contains-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="526.5" cy="1843.47" width="55.67" height="17.6036"/>
-			<path d="M0 1548 L204.56 1548 A3 3 0 1 1 210.56 1548 L526.5 1548 L526.5 2250 L484.1 2250" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="503.668" y="1838.67" width="45.6638" height="9.59985" class="st9"/>
-			<text x="503.67" y="1845.87" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
-						class="st11" v:langID="2057">ontains</tspan><tspan class="st11" v:langID="2057">-</tspan><tspan
-						class="st11" v:langID="2057">refs</tspan></text>		</g>
-		<g id="shape1065-326" v:mID="1065" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-1124.37)">
+			<v:textRect cx="526.5" cy="1931.92" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L526.5 1548 L526.5 2387.46 L484.1 2387.46" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="503.668" y="1927.12" width="45.6638" height="9.59985" class="st10"/>
+			<text x="503.67" y="1934.32" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st7" v:langID="2057">ontains</tspan><tspan class="st7" v:langID="2057">-</tspan><tspan class="st7"
+						v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1065-329" v:mID="1065" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-1197)">
 			<title>Dynamic connector.1065</title>
 			<desc>part-of</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-88.65" cy="1591.4" width="40" height="17.6036"/>
-			<path d="M0 1548 L0 1567.12 L-88.65 1567.12 L-88.65 1700.06 L-71.79 1700.06" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-100.218" y="1586.6" width="23.1364" height="9.59985" class="st9"/>
-			<text x="-100.22" y="1593.8" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>part-of</text>		</g>
-		<g id="shape1066-333" v:mID="1066" v:groupContext="shape" v:layerMember="0" transform="translate(653.062,-1071.29)">
+			<v:textRect cx="-76.616" cy="1639.75" width="40" height="17.6036"/>
+			<path d="M0 1548 L0 1639.75 L-88.65 1639.75 L-88.65 1772.68 L-71.79 1772.68" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-88.1843" y="1634.95" width="23.1364" height="9.59985" class="st12"/>
+			<text x="-88.18" y="1642.15" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>part-of</text>		</g>
+		<g id="shape1066-336" v:mID="1066" v:groupContext="shape" v:layerMember="0" transform="translate(653.062,-1071.29)">
 			<title>Dynamic connector.1066</title>
 			<desc>used-in</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-9" cy="1592.38" width="40" height="17.6036"/>
-			<path d="M-9 1548 L-9 1630.21" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-21.6405" y="1587.58" width="25.2809" height="9.59985" class="st9"/>
-			<text x="-21.64" y="1594.78" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>used-in</text>		</g>
-		<g id="shape1067-340" v:mID="1067" v:groupContext="shape" transform="translate(432,-1027.85)">
+			<path d="M-9 1548 L-9 1630.21" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-21.6405" y="1587.58" width="25.2809" height="9.59985" class="st12"/>
+			<text x="-21.64" y="1594.78" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>used-in</text>		</g>
+		<g id="shape1067-343" v:mID="1067" v:groupContext="shape" transform="translate(432,-1027.85)">
 			<title>Rectangle.1067</title>
 			<desc>Identify--3</desc>
 			<v:userDefs>
@@ -609,8 +612,8 @@
 			<v:textRect cx="64.6875" cy="1537.77" width="129.38" height="20.4551"/>
 			<rect x="0" y="1527.54" width="129.375" height="20.4551" class="st3"/>
 			<text x="38.31" y="1541.37" class="st4" v:langID="2057"><v:paragraph v:horizAlign="1"/><v:tabList/>Identify--<tspan
-						class="st11" v:langID="1033">3</tspan></text>		</g>
-		<g id="shape1069-344" v:mID="1069" v:groupContext="shape" transform="translate(306,-908.372)">
+						class="st7" v:langID="1033">3</tspan></text>		</g>
+		<g id="shape1069-347" v:mID="1069" v:groupContext="shape" transform="translate(306,-908.372)">
 			<title>Rectangle.1069</title>
 			<desc>x-investigation-tool--1</desc>
 			<v:userDefs>
@@ -620,15 +623,15 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
 			<text x="8.36" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigation-tool--1</text>		</g>
-		<g id="shape1070-347" v:mID="1070" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-962.089)">
+		<g id="shape1070-350" v:mID="1070" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-962.089)">
 			<title>Dynamic connector.1070</title>
 			<desc>acquired_using_tool_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1564.63" width="94.77" height="17.6036"/>
-			<path d="M9 1548 L9 1574.72" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-33.3827" y="1559.83" width="84.7653" height="9.59985" class="st9"/>
-			<text x="-33.38" y="1567.03" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_using_tool_ref</text>		</g>
-		<g id="shape1071-354" v:mID="1071" v:groupContext="shape" transform="translate(306,-845.372)">
+			<path d="M9 1548 L9 1574.72" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-33.3827" y="1559.83" width="84.7653" height="9.59985" class="st10"/>
+			<text x="-33.38" y="1567.03" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_using_tool_ref</text>		</g>
+		<g id="shape1071-357" v:mID="1071" v:groupContext="shape" transform="translate(306,-845.372)">
 			<title>Rectangle.1071</title>
 			<desc>software--1</desc>
 			<v:userDefs>
@@ -638,15 +641,15 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="35.7" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software--1</text>		</g>
-		<g id="shape1072-357" v:mID="1072" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-908.372)">
+		<g id="shape1072-360" v:mID="1072" v:groupContext="shape" v:layerMember="0" transform="translate(362.25,-908.372)">
 			<title>Dynamic connector.1072</title>
 			<desc>software_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1569.27" width="54.22" height="17.6036"/>
-			<path d="M9 1548 L9 1584" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-13.1034" y="1564.47" width="44.2068" height="9.59985" class="st9"/>
-			<text x="-13.1" y="1571.67" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software_ref</text>		</g>
-		<g id="shape1073-364" v:mID="1073" v:groupContext="shape" transform="translate(162,-634.078)">
+			<path d="M9 1548 L9 1584" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-13.1034" y="1564.47" width="44.2068" height="9.59985" class="st10"/>
+			<text x="-13.1" y="1571.67" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>software_ref</text>		</g>
+		<g id="shape1073-367" v:mID="1073" v:groupContext="shape" transform="translate(162,-634.078)">
 			<title>Rectangle.1073</title>
 			<desc>x-file-visit--1</desc>
 			<v:userDefs>
@@ -656,16 +659,16 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st5"/>
 			<text x="33.45" y="1541.37" class="st6" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-file-visit<tspan
-						class="st11" v:langID="2057">--</tspan><tspan class="st11" v:langID="2057">1</tspan></text>		</g>
-		<g id="shape1074-369" v:mID="1074" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-587.348)">
+						class="st7" v:langID="2057">--</tspan><tspan class="st7" v:langID="2057">1</tspan></text>		</g>
+		<g id="shape1074-372" v:mID="1074" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-587.348)">
 			<title>Dynamic connector.1074</title>
 			<desc>object_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-110.271" cy="1548" width="49.38" height="17.6036"/>
-			<path d="M0 1548 L-173.81 1548 L-173.81 1507.81" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-129.955" y="1543.2" width="39.367" height="9.59985" class="st9"/>
-			<text x="-129.95" y="1550.4" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object_refs</text>		</g>
-		<g id="shape1075-376" v:mID="1075" v:groupContext="shape" transform="translate(162,-699.122)">
+			<path d="M0 1548 L-173.81 1548 L-173.81 1507.81" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-129.955" y="1543.2" width="39.367" height="9.59985" class="st10"/>
+			<text x="-129.95" y="1550.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object_refs</text>		</g>
+		<g id="shape1075-379" v:mID="1075" v:groupContext="shape" transform="translate(162,-699.122)">
 			<title>Rectangle.1075</title>
 			<desc>file--1</desc>
 			<v:userDefs>
@@ -675,33 +678,33 @@
 			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
 			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st3"/>
 			<text x="50.33" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>file--1</text>		</g>
-		<g id="shape1076-379" v:mID="1076" v:groupContext="shape" v:layerMember="0" transform="translate(218.25,-656.578)">
+		<g id="shape1076-382" v:mID="1076" v:groupContext="shape" v:layerMember="0" transform="translate(218.25,-656.578)">
 			<title>Dynamic connector.1076</title>
 			<desc>source-ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="9" cy="1526.73" width="45.23" height="17.6036"/>
-			<path d="M9 1548 L9 1512" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-8.60919" y="1521.93" width="35.2183" height="9.59985" class="st9"/>
-			<text x="-8.61" y="1529.13" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>source-ref</text>		</g>
-		<g id="shape1077-386" v:mID="1077" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1134.6)">
+			<path d="M9 1548 L9 1512" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-8.60919" y="1521.93" width="35.2183" height="9.59985" class="st10"/>
+			<text x="-8.61" y="1529.13" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>source-ref</text>		</g>
+		<g id="shape1077-389" v:mID="1077" v:groupContext="shape" v:layerMember="0" transform="translate(306,-1207.23)">
 			<title>Dynamic connector.1077</title>
 			<desc>contains-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-78.75" cy="1716.14" width="55.67" height="17.6036"/>
-			<path d="M0 1548 L-39.55 1548 A3 3 -180 0 0 -45.55 1548 L-78.75 1548 L-78.75 1956.48" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-101.582" y="1711.34" width="45.6638" height="9.59985" class="st9"/>
-			<text x="-101.58" y="1718.54" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
-						class="st11" v:langID="2057">ontains</tspan><tspan class="st11" v:langID="2057">-</tspan><tspan
-						class="st11" v:langID="2057">refs</tspan></text>		</g>
-		<g id="shape1078-396" v:mID="1078" v:groupContext="shape" v:layerMember="0" transform="translate(595.687,-587.348)">
+			<v:textRect cx="-78.75" cy="1752.45" width="55.67" height="17.6036"/>
+			<path d="M0 1548 L-78.75 1548 L-78.75 2029.11" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-101.582" y="1747.65" width="45.6638" height="9.59985" class="st10"/>
+			<text x="-101.58" y="1754.85" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>c<tspan
+						class="st7" v:langID="2057">ontains</tspan><tspan class="st7" v:langID="2057">-</tspan><tspan class="st7"
+						v:langID="2057">refs</tspan></text>		</g>
+		<g id="shape1078-399" v:mID="1078" v:groupContext="shape" v:layerMember="0" transform="translate(595.687,-587.348)">
 			<title>Dynamic connector.1078</title>
 			<desc>object-refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-13.5" cy="1599.87" width="47.43" height="17.6036"/>
-			<path d="M0 1548 L-13.5 1548 L-13.5 1614.62 L-57.58 1614.62" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-32.2128" y="1595.07" width="37.4255" height="9.59985" class="st9"/>
-			<text x="-32.21" y="1602.27" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object-refs</text>		</g>
-		<g id="shape1079-403" v:mID="1079" v:groupContext="shape" transform="translate(1004.63,-1028.32)">
+			<path d="M0 1548 L-13.5 1548 L-13.5 1614.62 L-57.58 1614.62" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-32.2128" y="1595.07" width="37.4255" height="9.59985" class="st10"/>
+			<text x="-32.21" y="1602.27" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>object-refs</text>		</g>
+		<g id="shape1079-406" v:mID="1079" v:groupContext="shape" transform="translate(1004.63,-1028.32)">
 			<title>Rectangle.1079</title>
 			<desc>Cyber Forensic Domain Object</desc>
 			<v:userDefs>
@@ -711,8 +714,8 @@
 			<v:textRect cx="64.6875" cy="1531.26" width="129.38" height="33.4898"/>
 			<rect x="0" y="1514.51" width="129.375" height="33.4898" class="st1"/>
 			<text x="25.57" y="1527.66" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cyber Forensic <tspan
-						x="25.91" dy="1.2em" class="st11">Domain Object</tspan></text>		</g>
-		<g id="shape1080-407" v:mID="1080" v:groupContext="shape" transform="translate(1003.5,-966.083)">
+						x="25.91" dy="1.2em" class="st7">Domain Object</tspan></text>		</g>
+		<g id="shape1080-410" v:mID="1080" v:groupContext="shape" transform="translate(1003.5,-966.083)">
 			<title>Rectangle.1080</title>
 			<desc>Cyber Forensic Domain Object</desc>
 			<v:userDefs>
@@ -722,8 +725,8 @@
 			<v:textRect cx="65.25" cy="1531.26" width="130.51" height="33.4898"/>
 			<rect x="0" y="1514.51" width="130.5" height="33.4898" class="st5"/>
 			<text x="4.46" y="1527.66" class="st6" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cyber Forensic Domain <tspan
-						x="48.15" dy="1.2em" class="st11">Object</tspan></text>		</g>
-		<g id="shape1081-411" v:mID="1081" v:groupContext="shape" transform="translate(1003.5,-903.842)">
+						x="48.15" dy="1.2em" class="st7">Object</tspan></text>		</g>
+		<g id="shape1081-414" v:mID="1081" v:groupContext="shape" transform="translate(1003.5,-903.842)">
 			<title>Rectangle.1081</title>
 			<desc>STIX Object</desc>
 			<v:userDefs>
@@ -733,47 +736,47 @@
 			<v:textRect cx="64.6875" cy="1531.26" width="129.38" height="33.4898"/>
 			<rect x="0" y="1514.51" width="129.375" height="33.4898" class="st3"/>
 			<text x="34.33" y="1534.86" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>STIX Object</text>		</g>
-		<g id="shape1082-414" v:mID="1082" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-982.544)">
+		<g id="shape1082-417" v:mID="1082" v:groupContext="shape" v:layerMember="0" transform="translate(644.062,-982.544)">
 			<title>Dynamic connector.1082</title>
 			<desc>assigned-to</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-73.6875" cy="1525.35" width="50.59" height="17.6036"/>
-			<path d="M0 1548 L-141.12 1504.61" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-93.9802" y="1520.55" width="40.5854" height="9.59985" class="st9"/>
-			<text x="-93.98" y="1527.75" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>assigned-to</text>		</g>
-		<g id="shape1083-421" v:mID="1083" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-972.317)">
+			<path d="M0 1548 L-141.12 1504.61" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-93.9802" y="1520.55" width="40.5854" height="9.59985" class="st12"/>
+			<text x="-93.98" y="1527.75" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>assigned-to</text>		</g>
+		<g id="shape1083-424" v:mID="1083" v:groupContext="shape" v:layerMember="0" transform="translate(579.375,-972.317)">
 			<title>Dynamic connector.1083</title>
 			<desc>invovles</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-23.1702" cy="1575.77" width="40" height="17.6036"/>
-			<path d="M0 1548 L-42.15 1598.51" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-37.2678" y="1570.97" width="28.195" height="9.59985" class="st9"/>
-			<text x="-37.27" y="1578.17" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>invovles</text>		</g>
-		<g id="shape1084-428" v:mID="1084" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-982.544)">
+			<path d="M0 1548 L-42.15 1598.51" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-37.2678" y="1570.97" width="28.195" height="9.59985" class="st12"/>
+			<text x="-37.27" y="1578.17" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>invovles</text>		</g>
+		<g id="shape1084-431" v:mID="1084" v:groupContext="shape" v:layerMember="0" transform="translate(371.25,-982.544)">
 			<title>Dynamic connector.1084</title>
 			<desc>acquired_by_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="62.7188" cy="1525.35" width="68.14" height="17.6036"/>
-			<path d="M0 1548 L119.29 1504.91" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="34.6524" y="1520.55" width="56.1327" height="9.59985" class="st9"/>
-			<text x="34.65" y="1527.75" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_by_ref  </text>		</g>
-		<g id="shape1085-435" v:mID="1085" v:groupContext="shape" v:layerMember="0" transform="translate(292.5,-644.305)">
+			<path d="M0 1548 L119.29 1504.91" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="34.6524" y="1520.55" width="56.1327" height="9.59985" class="st10"/>
+			<text x="34.65" y="1527.75" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>acquired_by_ref  </text>		</g>
+		<g id="shape1085-438" v:mID="1085" v:groupContext="shape" v:layerMember="0" transform="translate(292.5,-644.305)">
 			<title>Dynamic connector.1085</title>
 			<desc>exploits</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="79.3125" cy="1515.52" width="40" height="17.6036"/>
-			<path d="M0 1548 L79.31 1548 L79.31 1410.27" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="65.4805" y="1510.72" width="27.6638" height="9.59985" class="st9"/>
-			<text x="65.48" y="1517.92" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
-		<g id="shape1086-442" v:mID="1086" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-716.039)">
+			<path d="M0 1548 L79.31 1548 L79.31 1410.27" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="65.4805" y="1510.72" width="27.6638" height="9.59985" class="st12"/>
+			<text x="65.48" y="1517.92" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1086-445" v:mID="1086" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-716.039)">
 			<title>Dynamic connector.1086</title>
 			<desc>exploits</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-29.25" cy="1528.23" width="40" height="17.6036"/>
-			<path d="M0 1548 L-29.25 1548 L-29.25 1485.75" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-43.082" y="1523.43" width="27.6638" height="9.59985" class="st9"/>
-			<text x="-43.08" y="1530.63" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
-		<g id="shape1087-449" v:mID="1087" v:groupContext="shape" transform="translate(295.875,-531.6)">
+			<path d="M0 1548 L-29.25 1548 L-29.25 1485.75" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-43.082" y="1523.43" width="27.6638" height="9.59985" class="st12"/>
+			<text x="-43.08" y="1530.63" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>exploits</text>		</g>
+		<g id="shape1087-452" v:mID="1087" v:groupContext="shape" transform="translate(295.875,-531.6)">
 			<title>Rectangle.1087</title>
 			<desc>url</desc>
 			<v:userDefs>
@@ -783,22 +786,133 @@
 			<v:textRect cx="28.125" cy="1537.77" width="56.26" height="20.4551"/>
 			<rect x="0" y="1527.54" width="56.25" height="20.4551" class="st3"/>
 			<text x="21.2" y="1541.37" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url</text>		</g>
-		<g id="shape1088-452" v:mID="1088" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-520.731)">
+		<g id="shape1088-455" v:mID="1088" v:groupContext="shape" v:layerMember="0" transform="translate(401.062,-520.731)">
 			<title>Dynamic connector.1088</title>
 			<desc>url_ref</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-13.9205" cy="1526.9" width="40" height="17.6036"/>
-			<path d="M0 1548 L-13.5 1548 L-13.5 1526.9 L-42.4 1526.9" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-25.3423" y="1522.1" width="22.8439" height="9.59985" class="st9"/>
-			<text x="-25.34" y="1529.3" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url_ref</text>		</g>
-		<g id="shape1089-459" v:mID="1089" v:groupContext="shape" v:layerMember="0" transform="translate(466.312,-577.12)">
+			<path d="M0 1548 L-13.5 1548 L-13.5 1526.9 L-42.4 1526.9" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-25.3423" y="1522.1" width="22.8439" height="9.59985" class="st10"/>
+			<text x="-25.34" y="1529.3" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>url_ref</text>		</g>
+		<g id="shape1089-462" v:mID="1089" v:groupContext="shape" v:layerMember="0" transform="translate(466.312,-577.12)">
 			<title>Dynamic connector.1089</title>
 			<desc>object_refs</desc>
 			<v:textBlock v:margins="rect(4,4,4,4)"/>
 			<v:textRect cx="-70.1887" cy="1561.5" width="49.38" height="17.6036"/>
-			<path d="M0 1548 L0 1561.5 L-142.31 1561.5 L-142.31 1566.52" class="st7"/>
-			<rect v:rectContext="textBkgnd" x="-89.8723" y="1556.7" width="39.367" height="9.59985" class="st9"/>
-			<text x="-89.87" y="1563.9" class="st10" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
-						class="st11" v:langID="2057">ject_refs</tspan></text>		</g>
+			<path d="M0 1548 L0 1561.5 L-142.31 1561.5 L-142.31 1566.52" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-89.8723" y="1556.7" width="39.367" height="9.59985" class="st12"/>
+			<text x="-89.87" y="1563.9" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ob<tspan
+						class="st7" v:langID="2057">ject_refs</tspan></text>		</g>
+		<g id="shape1090-470" v:mID="1090" v:groupContext="shape" transform="translate(793.125,-1071.29)">
+			<title>Rectangle.1090</title>
+			<desc>x-ram</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="50.47" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-ram</text>		</g>
+		<g id="shape1091-473" v:mID="1091" v:groupContext="shape" v:layerMember="0" transform="translate(708.75,-1072.52)">
+			<title>Dynamic connector.1091</title>
+			<desc>ram_refs</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="42.1875" cy="1539" width="41.11" height="17.6036"/>
+			<path d="M0 1539 L77.83 1539" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="26.6367" y="1534.2" width="31.1015" height="9.59985" class="st12"/>
+			<text x="26.64" y="1541.4" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ram_refs</text>		</g>
+		<g id="shape1092-480" v:mID="1092" v:groupContext="shape" v:layerMember="0" transform="translate(867.656,-982.544)">
+			<title>Dynamic connector.1092</title>
+			<desc>image-of</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-9.28125" cy="1503.91" width="40.66" height="17.6036"/>
+			<path d="M-8.72 1548 L-8.72 1534.5 L-9.28 1534.5 L-9.28 1465.79" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-24.6054" y="1499.11" width="30.6483" height="9.59985" class="st10"/>
+			<text x="-24.61" y="1506.31" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>image-of</text>		</g>
+		<g id="shape1093-487" v:mID="1093" v:groupContext="shape" transform="translate(689.625,-1161)">
+			<title>Sheet.1093</title>
+			<desc>mac-addr--1</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
+			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
+			<text x="12.09" y="1540.4" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>mac-addr<tspan
+						class="st7" v:langID="2057">--</tspan><tspan class="st7" v:langID="2057">1  </tspan>  </text>		</g>
+		<g id="shape1094-492" v:mID="1094" v:groupContext="shape" transform="translate(822.375,-1161)">
+			<title>Sheet.1094</title>
+			<desc>ipv4-addr--1</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="43.3125" cy="1536.8" width="86.63" height="22.4037"/>
+			<rect x="0" y="1525.6" width="86.625" height="22.4037" class="st3"/>
+			<text x="12.3" y="1540.4" class="st4" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>ipv4-addr--1</text>		</g>
+		<g id="shape1096-495" v:mID="1096" v:groupContext="shape" v:layerMember="0" transform="translate(684,-1091.75)">
+			<title>Dynamic connector.1096</title>
+			<desc>communicates-use</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="111.969" cy="1534.5" width="78.17" height="17.6036"/>
+			<path d="M0 1548 L0 1534.5 L181.69 1534.5 L181.69 1485.29" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="78.8894" y="1529.7" width="66.1594" height="9.59985" class="st10"/>
+			<text x="78.89" y="1536.9" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>communicates-use  </text>		</g>
+		<g id="shape1097-502" v:mID="1097" v:groupContext="shape" v:layerMember="0" transform="translate(666,-1091.75)">
+			<title>Dynamic connector.1097</title>
+			<desc>has</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="0" cy="1495.96" width="40" height="17.6036"/>
+			<path d="M0 1548 L0 1467.55 L17.08 1467.55" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-6.23413" y="1491.16" width="12.4684" height="9.59985" class="st10"/>
+			<text x="-6.23" y="1498.36" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>has</text>		</g>
+		<g id="shape1098-509" v:mID="1098" v:groupContext="shape" transform="translate(276.75,-451.598)">
+			<title>Rectangle.1098</title>
+			<desc>x-investigation-tool--2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="8.36" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigation-tool--2</text>		</g>
+		<g id="shape1099-512" v:mID="1099" v:groupContext="shape" v:layerMember="0" transform="translate(466.312,-510.503)">
+			<title>Dynamic connector.1099</title>
+			<desc>processed-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-62.1563" cy="1567.22" width="59.89" height="17.6036"/>
+			<path d="M0 1548 L-118.06 1584.52" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-85.0993" y="1562.43" width="45.886" height="9.59985" class="st10"/>
+			<text x="-85.1" y="1569.63" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>processed-by    </text>		</g>
+		<g id="shape1100-519" v:mID="1100" v:groupContext="shape" transform="translate(492.75,-451.598)">
+			<title>Rectangle.1100</title>
+			<desc>x-investigation-tool--3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="8.36" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigation-tool--3</text>		</g>
+		<g id="shape1101-522" v:mID="1101" v:groupContext="shape" transform="translate(690.75,-451.598)">
+			<title>Rectangle.1101</title>
+			<desc>x-investigation-tool--4</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="65.25" cy="1537.77" width="130.51" height="20.4551"/>
+			<rect x="0" y="1527.54" width="130.5" height="20.4551" class="st1"/>
+			<text x="8.36" y="1541.37" class="st2" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>x-investigation-tool--4</text>		</g>
+		<g id="shape1102-525" v:mID="1102" v:groupContext="shape" v:layerMember="0" transform="translate(660.937,-510.503)">
+			<title>Dynamic connector.1102</title>
+			<desc>processed-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-40.6547" cy="1567.22" width="57.89" height="17.6036"/>
+			<path d="M0 1548 L-75.4 1583.65" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-63.5978" y="1562.43" width="45.886" height="9.59985" class="st12"/>
+			<text x="-63.6" y="1569.63" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>processed-by  </text>		</g>
+		<g id="shape1103-532" v:mID="1103" v:groupContext="shape" v:layerMember="0" transform="translate(848.812,-510.503)">
+			<title>Dynamic connector.1103</title>
+			<desc>processed-by</desc>
+			<v:textBlock v:margins="rect(4,4,4,4)"/>
+			<v:textRect cx="-46.4062" cy="1567.22" width="57.89" height="17.6036"/>
+			<path d="M0 1548 L-86.77 1583.95" class="st8"/>
+			<rect v:rectContext="textBkgnd" x="-69.3493" y="1562.43" width="45.886" height="9.59985" class="st10"/>
+			<text x="-69.35" y="1569.63" class="st11" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>processed-by  </text>		</g>
 	</g>
 </svg>
diff --git a/STIX_for_digital_forensics/readme.md b/STIX_for_digital_forensics/readme.md
index 8fbc0ff..e5f1ffd 100644
--- a/STIX_for_digital_forensics/readme.md
+++ b/STIX_for_digital_forensics/readme.md
@@ -168,15 +168,15 @@ Investigation Tools are software that can be used by cyber investigators to perf
 
 ### Investigation Tool Specific Properties
 
-| Property Name   | Type                    | Description                                                                                                                         |
-| --------------- | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
-| type (required) | string                  | The value of this property MUST be x-investigation-tool.                                                                            |
-| last_modified   | timestamps              | The last modified date of the investigation tool.                                                                                   |
-| description     | string                  | A description that provides more details and context about the investigation tool.                                                  |
-| used_for        | list of type open-vocab | Specifies a list of activities that tool is used to perform. Each activity SHOULD come from the x-activity-name-ov open vocabulary. |
-| aliases         | list of type string     | Alternative names used to identify this investigation tool.                                                                         |
-| version         | string                  | The version identifier associated with the investigation tool.                                                                      |
-| software_ref    | identifier              | Specifies the software product (if CPE or SWID is known) used as the investigation tool.                                            |
+| Property Name   | Type                    | Description                                                                                                                                                         |
+| --------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| type (required) | string                  | The value of this property MUST be x-investigation-tool.                                                                                                            |
+| last_modified   | timestamps              | The last modified date of the investigation tool.                                                                                                                   |
+| description     | string                  | A description that provides more details and context about the investigation tool.                                                                                  |
+| functions       | list of type open-vocab | Specifies a list of functions of an Investigation Tool. Each function is summarized in one activity, which SHOULD come from the x-activity-name-ov open vocabulary. |
+| aliases         | list of type string     | Alternative names used to identify this investigation tool.                                                                                                         |
+| version         | string                  | The version identifier associated with the investigation tool.                                                                                                      |
+| software_ref    | identifier              | Specifies the software product (if CPE or SWID is known) used as the investigation tool.                                                                            |
 
 ### Activity Name Vocabulary
 
@@ -524,18 +524,19 @@ A Crime Case object represents a background description of a potential cybercrim
 | type                   | string                      | Specifies the type of a computer. The value of this property MUST come from [Types](https://en.wikipedia.org/wiki/Computer). |
 | model                  | string                      | Specifies the model of a computer.                                                                                           |
 | cpu                    | StringS                     | Specifies the CUP of a computer. It MUST follow CUP naming conventions.                                                      |
-| memory                 | list of x-memory            | Specifies the memory of a computer.                                                                                          |
+| ram_refs               | list of type x-ram          | Specifies a list of RAM memory device of a computer.                                                                         |
 | input_devices          | list of type string         | Specifies a list of input devices.                                                                                           |
 | output_device          | list of type string         | Specifies a list of output devices.                                                                                          |
 | secondary_storage_refs | list of x-secondary-storage | Specifies a list of x-secondary-storage.                                                                                     |
 
 ### Relationships
 
-| Source     | Relationship Type | Target                    | Description                                                                            |
-| ---------- | ----------------- | ------------------------- | -------------------------------------------------------------------------------------- |
-| x-computer | has               | ipv4-addr                 | The relationship specifies that a computer communicates with other PCs with ipv4-addr. |
-| x-computer | has               | list of type user-account | The relationship specifies that a computer has a list of user-account.                 |
-| x-computer | used-in           | x-crime-case              | The relationship specifies that a computer is used in a x-crime-case.                  |
+| Source     | Relationship Type | Target                    | Description                                                                               |
+| ---------- | ----------------- | ------------------------- | ----------------------------------------------------------------------------------------- |
+| x-computer | communicates-use  | ipv4-addr, ipv6-addr      | The relationship specifies that a computer communicates with other PCs with IPv4/v6 Addr. |
+| x-computer | has               | mac-addr                  | The relationship specifies that a computer has a a Mac Address.                           |
+| x-computer | has               | list of type user-account | The relationship specifies that a computer has a list of User Account.                    |
+| x-computer | used-in           | x-crime-case              | The relationship specifies that a computer is used in a Crime Case.                       |
 
 ### Example
 
@@ -664,7 +665,7 @@ Specify a partition with NTFS
     "id": "relationship--6598bf44-1c10-4218-af9f-75b5b71c23a7",
     "created": "2021-05-15T09:12:16.432Z",
     "modified": "2021-05-15T09:12:16.432Z",
-    "relationship_type": "part-of",
+    "relationship_type": "contains-refs",
     "source_ref": "x-disk-partition--ac6e29f1-aa84-4066-961b-9e1f42acab8f",
     "target_ref": [
       "file--4de6823e-ee2e-4244-9915-7b3dc0489c84",
@@ -678,7 +679,7 @@ Specify a partition with NTFS
 
 **Type Name:** x-ram
 
-Memory object represent a primary storage that is used to store information for immediate use in a computer or related computer hardware device. We only include RAM.
+RAM object represent a random access memory, a primary storage, that is used to store information for immediate use in a computer or related computer hardware device.
 
 ### Memory Specific Properties
 
@@ -787,8 +788,8 @@ A Windows Event object represents properties of an event, which is recorded by W
 | event_generator      | string     | Specifies the name of the software (or the name of a sub-component of the software if the software is large) that generates the event.                             |
 | event_id             | integer    | The value is specific to the event source for the event, and is used with the source name to locate a description string in the message file for the event source. |
 | event_id_string      | integer    | Specified the description string of event_id.                                                                                                                      |
-| event_type           | string     | It MUST be one EventType defined in [Windows Doc](https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-eventlogrecord)                                |
-| source_ref(required) | identifier | Specifies object type that event object belongs to. It MUST be a type of file or artifact                                                                          |
+| event_type           | string     | It MUST be one of EventTypes defined in [Windows Doc](https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-eventlogrecord)                            |
+| source_ref(required) | identifier | Specifies object type that event object belongs to. It MUST be a type of File or Artifact                                                                          |
 
 Notes:
 
@@ -797,9 +798,10 @@ Notes:
 
 ### Relationships
 
-| Source        | Relationship Type | Target       | Description                                                               |
-| ------------- | ----------------- | ------------ | ------------------------------------------------------------------------- |
-| x-windows-evt | exploits          | user-account | This Relationship describes that a Windows Event exploits a User Account. |
+| Source        | Relationship Type | Target                            | Description                                                                                            |
+| ------------- | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------ |
+| x-windows-evt | exploits          | user-account                      | This Relationship describes that a Windows Event exploits a User Account.                              |
+| x-windows-evt | processed-by      | list of type x-investigation-tool | This Relationship describes that a Windows Event is processed/viewed by a list of Investigation Tools. |
 
 ### Example 1: describes a "logon" event recorded in the security event file.
 
@@ -854,6 +856,19 @@ Notes:
     "relationship_type": "exploits",
     "source_ref": "x-windows-evt--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
     "target_ref": "user-account--0d5b424b-93b8-5cd8-ac36-306e1789d63c"
+  },
+  {
+    "type": "relationship",
+    "spec_version": "2.1",
+    "id": "relationship--014841f8-eb38-4673-9904-70f67c92dd8b",
+    "created": "2020-01-16T18:52:24.277Z",
+    "modified": "2020-01-16T18:52:24.277Z",
+    "relationship_type": "processed-by",
+    "source_ref": "x-windows-evt--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
+    "target_ref": [
+      "x-investigation-tool-b0c1231e-996f-455d-9884-a4c52b7910a5",
+      "x-investigation-tool-eab56266-e855-4737-a48a-e6d10d7e96c2"
+    ]
   }
 ]
 ```
@@ -898,9 +913,10 @@ A Webpage Visit object represents a visit to a webpage.
 
 ### Relationships
 
-| Source          | Relationship Type | Target       | Description                                                               |
-| --------------- | ----------------- | ------------ | ------------------------------------------------------------------------- |
-| x-webpage-visit | exploits          | user-account | This Relationship describes that a Webpage Visit exploits a User Account. |
+| Source          | Relationship Type | Target                            | Description                                                                                            |
+| --------------- | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------ |
+| x-webpage-visit | exploits          | user-account                      | This Relationship describes that a Webpage Visit exploits a User Account.                              |
+| x-webpage-visit | processed-by      | list of type x-investigation-tool | This Relationship describes that a Webpage Visit is processed/viewed by a list of Investigation Tools. |
 
 ### Examples
 
@@ -981,9 +997,10 @@ Vocabulary Name: x-pnp-message-type-enum
 
 ### Relationships
 
-| Source    | Relationship Type | Target       | Description                                                           |
-| --------- | ----------------- | ------------ | --------------------------------------------------------------------- |
-| x-pnp-evt | exploits          | user-account | This Relationship describes that a pnp Event exploits a user-account. |
+| Source    | Relationship Type | Target                            | Description                                                                                        |
+| --------- | ----------------- | --------------------------------- | -------------------------------------------------------------------------------------------------- |
+| x-pnp-evt | exploits          | user-account                      | This Relationship describes that a pnp Event exploits a user-account.                              |
+| x-pnp-evt | processed-by      | list of type x-investigation-tool | This Relationship describes that a pnp Event is processed/viewed by a list of Investigation Tools. |
 
 ### Examples
 
@@ -1071,9 +1088,10 @@ A File Visit object represents properties that are associated with a file/direct
 
 ### Relationships
 
-| Source       | Relationship Type | Target       | Description                                                            |
-| ------------ | ----------------- | ------------ | ---------------------------------------------------------------------- |
-| x-file-visit | exploits          | user-account | This Relationship describes that a File Visit exploits a User Account. |
+| Source       | Relationship Type | Target                            | Description                                                                                         |
+| ------------ | ----------------- | --------------------------------- | --------------------------------------------------------------------------------------------------- |
+| x-file-visit | exploits          | user-account                      | This Relationship describes that a File Visit exploits a User Account.                              |
+| x-file-visit | processed-by      | list of type x-investigation-tool | This Relationship describes that a File Visit is processed/viewed by a list of Investigation Tools. |
 
 ### RecentFileCache