Law enforcement will look for evidence to win a case. They will NOT look for evidence that may lose their case. It will not be considered. In this context, anything goes, even cached stuff that you might not even have ever seen, which put there by malicious links or by prefetch. You are presumed guilty by law enforcement and it's their job to create evidence to support that presumption.
Evidence extraction can be destructive or, at best, may only alter the original evidence. There have been plenty of cases where collecting evidence has altered the original data or destroyed it. In some cases, the evidence did not exist until it was created by buggy or amateurishly designed analysis or forensics software, or by incompetent or just plain malicious people. Too often, law enforcement believes that "an exact copy or image" of the original data is all that is necessary. There is only their word that it is an "exact copy or image" of the original. That means that the defendant, or victim in such a case, has no way to refute the "evidence" collected.
It is too easy to plant stuff on any PC. Absolutely no password or login of any kind is required and it can be done easily without leaving any trace. People are too naive to imagine that it's possible for anyone to have access to your PC or put crap on it without your knowledge. Fortunately, the vast majority of people are also far too naive to think about planting stuff on someone's PC. That will change as such cases become more frequent, more public, and more people become more savvy about computers.
By the way, with regard to "creating evidence", there are training programs and seminars for law enforcement, forensics people and prosecutors that are all about creating evidence and selling it to a court and jury. "Evidence Creation". Scary, no?