Support Scope Matrix
Support Scope Matrix#
This page helps users decide whether their evidence source is a good fit for unJaena AI. It intentionally avoids internal parser implementation, search ranking, private detection rules, prompts, and server-side profile logic.
How to Read Support Counts#
unJaena AI uses 650+ supported artifact definitions to guide collection, parsing, indexing, and evidence search. That count is not internal source code, and it does not mean every artifact is always collected in every environment. Actual case coverage depends on the operating system, installed applications, permissions, user consent, collection profile, and the quality of uploaded evidence.
This matrix is written at a public customer-facing level so teams can judge fit before using the service. Internal parser priority, server validation behavior, private detection rules, prompts, and search ranking weights are intentionally not published for service security and anti-evasion reasons.
Sources and Input Methods#
| Source | Input Method | Main Surfaces | What You Can Review | Key Limits |
|---|---|---|---|---|
| Windows | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | Execution traces, event logs, registry, USB, browser, user activity | Administrator and lawful authority required |
| macOS | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | Unified Log, FSEvents, Spotlight, Safari, TCC, user activity | Scope depends on Full Disk Access and OS policy |
| Linux | Collector live collection, uploaded files | AI analysis, manual review, timeline, report | syslog, journald, auth logs, shell history, SSH, browser traces | Distribution and privilege level affect coverage |
| iOS | USB direct collection, backup files, extracted artifacts | AI analysis, manual review, timeline, report | Messages, calls, contacts, Safari, location, app data, media metadata | Trust pairing, backup password, and iOS policy affect scope |
| Android | USB direct collection, extracted artifacts | AI analysis, manual review, timeline, report | SMS, calls, contacts, app list, browser, Wi-Fi, device settings | USB debugging, rooting, and app sandboxing affect scope |
| OpenText EnCase | EnScript selected-entry upload | AI analysis, manual review, timeline, report | Selected evidence entries and metadata from an EnCase case | Does not replace EnCase acquisition or examiner validation |
| General files | Web upload | Artifact viewer, AI analysis, report | Documents, logs, archives, extracted evidence bundles | Parser support depends on format |
| Malware samples | Malware Lab upload | Overview, YARA, behavior, graph, AI analysis, Q&A, report | File risk, capabilities, IOCs, MITRE mapping, code and behavior summary | Private rule text and scoring formulas are not disclosed |
| Evidence indicators | Emails, IPs, domains, URLs, and file hashes extracted from cases | AI-analysis support, timeline, report | Original artifact links, IOC relationships, repeated cross-case indicators, file-account-event links | No private-account access, access-control bypass, real-time location tracking, Tor deanonymization, or raw leak collection |
| Contracts | Contract review upload | Contract analysis report | Clause-level risks, obligations, termination, liability, jurisdiction hints | Information analysis only, not legal advice |
| ScriptForge requests | Natural-language requests, Python, YARA, Sigma, VQL, EnScript, and C# X-Tension requirements | ScriptForge automation | Automation code, explanations, test guidance, review points | Generated code must be reviewed and approved by the user |
Analysis Surfaces#
| Surface | Purpose | Best Fit |
|---|---|---|
| AI Analysis | Natural-language evidence search and synthesis | Incident traces, exfiltration, insider risk, AI usage traces |
| Manual Review | Direct artifact filtering and review | Verifying AI answers, checking a file, log, or time range |
| Timeline Analysis | Ordering events over time | Infection flow, USB-before-after activity, account changes |
| Evidence Relationship Review | Connect case-derived identifiers to original evidence | Email, IP, domain, URL, and file-hash relationship review, malware IOC checks, cross-case linkage |
| Artifact Viewer | Inspect parsed evidence items | Opening cited evidence and checking original context |
| Integrated Report | Share investigation output | Internal reporting, client reporting, follow-up direction |
| Malware Tabs | Interpret sample structure, behavior, and IOCs | Suspicious-file triage, IOC extraction, case linkage |
| Contract Lab | Review contract clauses for information risks | Pre-signature review and obligation mapping |
| ScriptForge Automation | Convert investigation intent into executable automation drafts | Python, YARA, Sigma, VQL, EnScript, and C# X-Tension repeatable work |
Not Published Here#
- Internal parser code and mapping logic
- Chimborazo search strategy, ranking weights, and full prompts
- Private YARA rule text or bypass-relevant detection details
- Server API headers, token validation details, and internal paths
- Queue, database, infrastructure, and operational security details
Next Steps#
- Forensic Lab Query Guide
- Evidence Relationship Review: connect case-derived identifiers to original evidence
- Collector Guide
- Malware Result Interpretation Guide
- ScriptForge Guide
- Contract Lab Guide
Continue in the service
Move from this guide into a sample workflow or the relevant upload surface. Upload real evidence only when you have lawful authority.