you can just boot with knoppix or so and remove the password string in /etc/shadow of the root account, now you would have access to the system as root...
This would make any evidence you gleened from the drive in admisable in a court of law. You have just let the bad guy off. Because you have changed the drive contents.