diff --git a/README.md b/README.md index 0940d66..32b17d2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ -# Forensic +# artif -Digital Forensics, hidden information logged in files and systems and operating systems. +Digital forensics artifact collection toolkit - uncover hidden information logged in files, systems, and operating systems. + +## About + +**artif** is a collection of forensic artifact extraction scripts designed to help investigators, security researchers, and system administrators uncover digital traces left behind by user activity and system operations. ## Windows 
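Review bot: the new tagline keeps the redundant "files, systems, and operating systems" phrasing from the original line it replaces; since the added About paragraph already describes the scope, tighten the tagline to something like "Digital forensics artifact collection toolkit" and let About carry the detail. About should also state which platforms are currently covered, because the only script section in this README is `## Windows` while the About text promises scripts for "systems and operating systems" in general.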
@@ -19,14 +23,37 @@ Scripts located in `windows/` directory. Run as Administrator for full access. - **Get-HotspotConnections.ps1** - Windows Mobile Hotspot connection artifacts (requires admin) #### User Activity Artifacts -- **Get-RecentDocs.ps1** - Recently opened documents per user +- **Get-RecentDocs.ps1** - Recently opened documents from OpenSavePidlMRU + - Supports `-ShowAll` or `-MaxPerType N` parameters + - Parses PIDL binary data to extract file paths -### Tools +#### System Information +- **Get-Info.ps1** - Comprehensive system information (user, OS, network, disk, etc.) +- **Get-Users.ps1** - User account enumeration + - `-Mode simple` - Just usernames (default) + - `-Mode detailed` - Key info with last logon times + - `-Mode full` - Complete details including groups and SIDs -- Autopsy/The Sleuth Kit: Analyzes file systems, MFT entries, timestamps, and journals. -- EnCase: Examines disk images for changes, mounted artifacts, and logs. -- FTK (Forensic Toolkit): Scans for file modifications and USB-related registry entries. -- X-Ways Forensics: Detailed hex-level analysis of drives and artifacts. +### Usage Examples + +```powershell +# Simple usage +.\windows\Get-USBStorage.ps1 +.\windows\Get-Users.ps1 + +# With parameters +.\windows\Get-RecentDocs.ps1 -ShowAll +.\windows\Get-Users.ps1 -Mode detailed +``` + +### Third-Party Forensic Tools + +- **Autopsy/The Sleuth Kit**: Analyzes file systems, MFT entries, timestamps, and journals +- **EnCase**: Examines disk images for changes, mounted artifacts, and logs +- **FTK (Forensic Toolkit)**: Scans for file modifications and USB-related registry entries +- **X-Ways Forensics**: Detailed hex-level analysis of drives and artifacts +- **Registry Explorer** (Eric Zimmerman): Advanced registry analysis with PIDL parsing +- **RegRipper**: Automated registry artifact extraction ### Registry Locations 
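Review bot: the rewritten Get-RecentDocs.ps1 entry drops the "per user" qualifier while the section header still says "Run as Administrator for full access", but OpenSavePidlMRU lives under HKEY_CURRENT_USER, so an elevated run reads the investigator's own hive rather than the subject's; the Usage Examples should say that per-user artifacts must be collected in the target user's session or from that user's loaded NTUSER.DAT. It would also help to show the `-MaxPerType N` form that the list documents, e.g. `.\windows\Get-RecentDocs.ps1 -MaxPerType 10`, and to note that on a default client execution policy these examples only run via `powershell -ExecutionPolicy Bypass -File .\windows\Get-Users.ps1`.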
@@ -39,9 +66,16 @@ Scripts located in `windows/` directory. Run as Administrator for full access. #### Mounted Devices `HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices` -#### Recent Documents -`HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs` +#### Recent Documents (OpenSavePidlMRU) +`HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU` -### Additional Resources +#### User Profiles +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList` -See `TODO.md` for planned forensic artifacts and scripts. +## Roadmap + +See `TODO.md` for planned forensic artifacts and scripts across Windows, Linux, and macOS. + +## License + +This project is for educational and authorized security research purposes only.
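Review bot: replacing the `Explorer\RecentDocs` entry with `ComDlg32\OpenSavePidlMRU` removes a valid location instead of adding one; the two keys record different activity (RecentDocs is written by the Explorer shell, OpenSavePidlMRU by the common Open/Save dialogs), so keep both under Registry Locations and state which one Get-RecentDocs.ps1 parses. Also, the new "License" section holds a usage statement, not a license; either name an actual license (and add a LICENSE file) or retitle the section "Disclaimer".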