Chain of custody in Cybersecurity - Time & Space Complexity

When managing digital evidence, it's important to know how the process scales as more items are handled.

We want to understand how the effort grows when tracking the chain of custody for many pieces of evidence.

Analyze the time complexity of the following chain of custody tracking process.

// Pseudocode for chain of custody tracking
records = []
for each evidence_item in evidence_list:
    record = create_record(evidence_item)
    records.append(record)
for each record in records:
    verify_signature(record)
    log_access(record)

This code creates a record for each evidence item, then verifies and logs each record.

Look at the loops that repeat actions for each evidence item.

• Primary operation: Creating, verifying, and logging records for each evidence item.
• How many times: Once per evidence item, repeated for all items in the list.

As the number of evidence items grows, the number of operations grows similarly.

Input Size (n)	Approx. Operations
10	About 30 operations (create + verify + log per item)
100	About 300 operations
1000	About 3000 operations

Pattern observation: The work grows directly with the number of evidence items.

Time Complexity: O(n)

This means the time to track chain of custody grows in a straight line as more evidence items are added.

[X] Wrong: "Adding more evidence items won't affect the time much because each record is handled separately."

[OK] Correct: Even though each item is handled separately, the total time adds up because every item requires its own processing.

Understanding how processes scale with input size shows you can think about efficiency and resource needs in real investigations.

"What if we added a nested loop to compare each evidence item with every other item? How would the time complexity change?"