If there is spyware on a machine, doing it's dirty thing without the users knowledge or consent, then any piece of event logging, keystroke logging or pictures taken is suspect. It could be produced by the user, by other spyware, or by a hacker with access to the machine.
The very fact that the 'evidence' is collected by spyware is full evidence that spyware is performing activities the user is unaware about. It implicitely proofs the machine is not under full user control. It therefore proofs not all actions performed at the machine are endorsed by the user.
Since one piece of spyware/malware managed to get installed on the computer means users anti virus and anti malware software is not up to its task. If that is the case, then the installation of other spyware/malware packages is very likely. Meaning there is reasonable doubt about who or what did a download.
And you can not convict a suspect if there is reasonable doubt - not yet anyway.