Given a search warrant the ISP will provide all the logs and so on without needing the machine to be seized, they have clear procedures in place for it. They should also have secure backups to reduce the likelihood of tampering. Like any company they also have procedures in place to audit their kit to stop this sort of thing, and having multiple admins with access makes it harder to hide, but if the cops think it's inadequate they'll still seize kit to check.
Citizens (in most countries) can do whatever a company can, but don't always get the same protection that's offered by doing it commercially with the corresponding requirements for regular checking. There's nothing stopping an individual getting their access mechanisms and machine audited, so if something illegal shows up through hacking or a virus then they'd have a defense in court, it just doesn't happen because it's expensive and not worthwhile.