I think OP is defining a state where the victim has been hacked and the attackers real motive is to place incriminating data on the victim's device. If the agencies are not up-to the mark or compromised, Forensics won't do any good. So there's no point discussing about prevention, however valid the advise might be for general security.

Now we have a way to check the integrity of data through hash, even normal consumers check MD5, SHA256 of downloaded files from Internet for integrity. We can prove at any court of law that the integrity of the file was compromised without any help from experts. I feel such a system for overall computer integrity is inevitable and would be a milestone for cyber security.