Someone reported a computer on an open network had a file share with illegal images. We tracked it down by its mac address through the switch port.
Federal agents had us accompany them to seize the computer and verify it was the same MAC address we had captured through the switch for that machine. That was enough evidence for them to seize the laptop.
During the investigation one of the officers failed to lock the drive and image it before accessing the files to look for illegal material.
I had to go testify in the case and waste a week sitting in the court room only to have the whole case thrown out on the grounds of potential tampering of data (file access times were for periods of time the device was in the Marshalls possession). The guy got off. I heard he was busted again several years later.
So as the poster stated, soon as you view that data and the access time stamp changes, YOU could be liable for that content as well. Very slippery slope.