As part of a Trading standards investigation my mac osx version 10.7.5 desk computer was seized. they had it for several months. i'm assuming they have all the info off it. i know the date they seized it and the date i got it back. i have opened console but how can i see what files have been copied? at present can't see any activity on the dates it was missing. btw it had the normal mac password i'm assuming this can be easily bypassed. any thoughts?