This question is a whole lot of chaos.

It depends a lot on which country you are thinking of.

You say courts would look into log files. No, they don’t. Experts do stuff like that.

Why do you ask for industry standards when it’s about legal stuff. There are legal procedures. Or maybe not.

Whether anyone cares about user data, that’s one of the things that’s very very different in all countries.

If you have a computer at home and the cops think you might have evidence on it of some crime, they ask the judge for a warrant and then they take the machine and they put it in their evidence locker. Then nobody can manipulate it. I mean that assumes the cops are clean, which they aren’t, but it’s not every day that they tamper with evidence inside of evidence lockers.

Or maybe you’re asking about data stored in the cloud, like if you have some possibly incriminating spreadsheet in your Google account. Then the pigs would ask Google to make a copy of the data stored in your account, and Google would probably do that, then sharing the data with the pigs. So if you decided to edit the data later, it would be too late, the copy would already be out there.

Civil litigation in the US has different rules. At some point when you find out that someone is going to be suing you or is in fact suing you, you have a legal duty not to fuck with the evidence that’s likely to be relevant. If it is later discovered that you were fucking with the evidence, then the judge or jury might be able to assume that whatever you touched would have made you look bad. Of course the details matter. But anyway, suppose you want to edit some log file so you SSH into your server and then edit it, but that in turn creates a history of your login and commands that you executed, so then maybe you decide to delete your own history, but then the absence of your history is itself evidence of fuckery… All of that being said, we can be sure that some people are somewhat slick and somewhat lucky and get away with altering data from time to time. We just don’t know how often on account of them not getting caught.

Each side has the opportunity to use their own experts to ask those questions and analyze the forensic integrity of the evidence at issue. Even if your side doesn’t have an expert, your attorney still has the chance to question the other side’s expert.

So if there’s a piece of evidence based on an email sent from Alice to Bob, the way the evidence gets introduced is that it gets authenticated, by someone who would be in a position to speak to whether a particular document is authentic. The other side can seek to exclude the evidence if the basis for authentication isn’t strong enough. Or, it comes in, and the other side might want to challenge that the document actually represents what the other side wants to prove: maybe casting doubt on whether other people had access to Alice’s account, etc.

Or if you want to use a surveillance camera video, you’d generally have someone who maintains the system testify as to how the system records, where it stores the data, and how it adds timestamps to different videos. Then that technical person can usually testify that the timestamp is accurate, etc., and might have to answer questions about what happens when the system loses power or a connection, etc.

So it’s not that the courts in the US actually test the validity of evidence. It’s that the parties involved in the case can challenge the validity if the circumstances call for it.