Support Scope Matrix
This page helps users decide whether their evidence source is a good fit for unJaena AI. It intentionally avoids internal parser implementation, search ranking, private detection rules, prompts, and server-side profile logic.
How to Read Support Counts
unJaena AI uses 650+ supported artifact definitions to guide collection, parsing, indexing, and evidence search. That count is not internal source code, and it does not mean every artifact is always collected in every environment. Actual case coverage depends on the operating system, installed applications, permissions, user consent, collection profile, and the quality of uploaded evidence.
This matrix is written at a public customer-facing level so teams can judge fit before using the service. Internal parser priority, server validation behavior, private detection rules, prompts, and search ranking weights are intentionally not published for service security and anti-evasion reasons.
Sources and Input Methods
| Source | Input Method | Main Surfaces | What You Can Review | Key Limits |
|---|---|---|---|---|
| Windows | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | Execution traces, event logs, registry, USB, browser, user activity | Administrator and lawful authority required |
| macOS | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | Unified Log, FSEvents, Spotlight, Safari, TCC, user activity | Scope depends on Full Disk Access and OS policy |
| Linux | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | syslog, journald, auth logs, shell history, SSH, browser traces | Distribution and privilege level affect coverage |
| iOS | USB direct collection, backup files, extracted artifacts | AI analysis, manual review, timeline, report | Messages, calls, contacts, Safari, location, app data, media metadata | Trust pairing, backup password, and iOS policy affect scope |
| Android | USB direct collection, extracted artifacts | AI analysis, manual review, timeline, report | SMS, calls, contacts, app list, browser, Wi-Fi, device settings | USB debugging, rooting, and app sandboxing affect scope |
| OpenText EnCase | EnScript selected-entry upload | AI analysis, manual review, timeline, report | Selected evidence entries and metadata from an EnCase case | Does not replace EnCase acquisition or examiner validation |
| General files | Web upload | Artifact viewer, AI analysis, report | Documents, logs, archives, extracted evidence bundles | Parser support depends on format |
| Malware samples | Malware Lab upload | Overview, YARA, behavior, graph, AI analysis, Q&A, report | File risk, capabilities, IOCs, MITRE mapping, code and behavior summary | Private rule text and scoring formulas are not disclosed |
| Contracts | Contract review upload | Contract analysis report | Clause-level risks, obligations, termination, liability, jurisdiction hints | Information analysis only, not legal advice |
Analysis Surfaces
| Surface | Purpose | Best Fit |
|---|---|---|
| AI Analysis | Natural-language evidence search and synthesis | Incident traces, exfiltration, insider risk, AI usage traces |
| Manual Review | Direct artifact filtering and review | Verifying AI answers, checking a file, log, or time range |
| Timeline Analysis | Ordering events over time | Infection flow, before-and-after USB activity, account changes |
| Artifact Viewer | Inspect parsed evidence items | Opening cited evidence and checking original context |
| Integrated Report | Share investigation output | Internal reporting, client reporting, follow-up direction |
| Malware Tabs | Interpret sample structure, behavior, and IOCs | Suspicious-file triage, IOC extraction, case linkage |
| Contract Analysis | Review contract clauses for information risks | Pre-signature review and obligation mapping |
Not Published Here
- Internal parser code and mapping logic
- Chimborazo search strategy, ranking weights, and full prompts
- Private YARA rule text or bypass-relevant detection details
- Server API headers, token validation details, and internal paths
- Queue, database, infrastructure, and operational security details
Next Steps
Continue in the service
Move from this guide into a sample workflow or the relevant upload surface. Upload real evidence only when you have lawful authority.