Mobile device forensics in Cybersecurity - Time & Space Complexity

When analyzing mobile device forensics, it is important to understand how the time needed to examine data grows as the amount of data increases.

We want to know how the time to extract and analyze information changes when the device stores more files or apps.

Analyze the time complexity of the following forensic data extraction process.

function extractData(device) {
  let allFiles = device.getFiles();
  let extractedData = [];
  for (let file of allFiles) {
    if (file.isRelevant()) {
      extractedData.push(file.readContent());
    }
  }
  return extractedData;
}
    

This code extracts relevant files from a mobile device by checking each file and reading its content if it is important.

• Primary operation: Looping through all files on the device.
• How many times: Once for each file stored on the device.

As the number of files on the device increases, the time to check and extract data grows proportionally.

Input Size (n)	Approx. Operations
10 files	About 10 checks and reads
100 files	About 100 checks and reads
1000 files	About 1000 checks and reads

Pattern observation: The time grows steadily as the number of files grows, roughly doubling when the files double.

Time Complexity: O(n)

This means the time needed grows directly in proportion to the number of files on the device.

[X] Wrong: "The extraction time stays the same no matter how many files there are."

[OK] Correct: Each file must be checked and possibly read, so more files mean more work and more time.

Understanding how forensic tools scale with data size shows you can think about efficiency, which is important when working with real devices that have lots of data.

"What if the code used a search index to find relevant files instead of checking each one? How would the time complexity change?"