I can speak to this topic. A popular linked subject is Child Pornogory cases. I've been involved in quite a few of them from both a prosecution and defense perspective and the law here in California says that the user needs to knowingly have possession of the content and the way you do that is proving the End user is at the computer logged in watching the footage. This in reality is VERY VERY hard to prove in of itself unless other circumstances exist such as the User had a complex password that only that person would know and timestamps match up or there are multiple copies of the data on the user’s personal thumbdrives scattered around the house. So the prosecution normally tackles this issue indirectly and normally is successful. In an event where there are multiple multiple computers and people living in the same house with multiple OPEN wifi access points it gets a bit more difficult. Normally they get a warrant and arrest the owner of the house / computers after they run their search on the computers then they proceed with the interviews of everyone in the house.
The point above is they don't normally key off of just logs on the local machine. It would be quite a stretch for convincing a jury just based on that. It's normally from the Interviews and search of the house on how you can pinpoint the abuser.
Now to the hacking point, Most people don't know a real hacker, and if they did they wouldn't know it. Allot of people who call themselves a hacker really are mostly script kitty’s and use a device called "Trojan Horses", Sub7, NetDevil, Beast, ProRat are a few that come to mind and are known as "RAT"'s (Remote Administration Tools). To the commoner alot of people think this is a hack but it's just a simple remote control program that normally has "Keyloggers" etc etc. This is great IF YOU USE A DAMN VPN TO MASK YOUR IP. If you are the hacker you must send data to the slave/victim computer. In order to do this you must transmit your return address on the letter you send to the computer so the computer knows how to send the response back. This is bad Joo joo for the hacker because like Quincy said below he used a "Packet Sniffer" (Ex. Wireshark, Ethernal). The person being hacked if they know anything at all can see the return address printed on the packet. A simple warrant to the ISP of the IP address which IS PUBLICLY POSTED can result in the ADDRESS of the hacker. This is Hacking 101.. You never do this. You always purchase a remote VPN from another country that has no regulations of keeping tracking logs in the ordinary course of business. One's in Russia are a great example. They don't have to respond to USA court orders and even if they wanted to they wouldn't have the tracking information by the time the warrant reached them. Even if they did, Tunnel twice. Now before getting too much into it your already getting into LA LA land because this would be a targeted attack. If you talked about not being targeted indirectly I've never once in the 16 years I've worked in this field ever heard of a Virus downloading PTHC (Preteen Hardcore/Illegal) content to a victim’s machine. Why? There is no money in it. You make money by using a CryptoLocker mechanism. Holding the person's data at ransom. So there's really no point to do what you are asking.
So circling back around to you question the evidence they use is the same stuff you use to secure the machine.
1: Was the AP open to the public?
2: Where there other's in the house
3: How many passwords did the user have to go through to get to the point of committing the Crime.
4: Witnesses to testify how much time you spend on the computer
5: Security Software Installed? Firewall?
It's a double edge sword. The prosecution will argue (and they will) That' you AP was secure and only you and a few others knew the password, Your computer user profile was locked and no one else had access to it. Only you had access to this email address that had a confirmation email from some other source, Fred says you spend a lot of time on the computer and that you were not hacked because you used security software/firewall and your machine was secure.
But on the other hand if you do its less likely for that stuff to happen.
If you are truly concerned about not getting hacked I recommend one HUGE THING. Do not run your machine as an Administrator full time. You should always be a limited user, ALWAYS unless installing a piece of software. This is 1000% more effective than anything listed above. Next apply the CIS standard benchmark’s below.
https://www.cisecurity.org/cybersecurity-best-practices/
