Report, Evidence Citation, and Integrity Guide
Report, Evidence Citation, and Integrity Guide#
unJaena AI reports are investigation aids for fast sharing and review. Legal, disciplinary, or court-facing decisions should still be based on independently verified original evidence, acquisition authority, and chain-of-custody records.
Report Structure#
| Section | Description |
|---|---|
| Summary | Key findings, risk level, and investigation scope |
| Key Findings | Evidence-backed conclusions and confidence labels |
| Timeline | Important events ordered by time |
| Evidence Citations | Artifact references behind each claim |
| MITRE Mapping | Tactics and techniques related to incident or malware activity |
| Next Actions | Additional collection, account action, blocking, or verification steps |
Checking Evidence Citations#
- Open the cited artifact.
- Confirm time, user, filename, path, hash, and raw log context.
- Check whether another artifact supports the same event.
- Mark direct evidence and circumstantial context separately.
Integrity Workflow#
| Item | Purpose |
|---|---|
| SHA-256 hash | Detect content changes |
| Original path and metadata | Preserve source context |
| Timestamps | Separate created, modified, accessed, and collected times |
| Audit logs | Record upload, analysis, deletion, and sharing actions |
| Retention policy | Confirm deletion schedule and legal hold status |
Report Writing Cautions#
- Do not rely on the AI conclusion alone.
- Avoid using uncited statements as core findings.
- Distinguish timezone, system clock skew, backup creation time, and user activity time.
- Label inference as possible, likely, or requiring further confirmation.
- Verify original evidence and acquisition process before legal use.
Next Steps#
Continue in the service
Move from this guide into a sample workflow or the relevant upload surface. Upload real evidence only when you have lawful authority.