Well if they guy was fancy...he could have an encrypted system that has two passwords.
One password reveals benign info. The second password gives the dirt. But if the benign password is used it proceeds to electronically destroy the illegal content by writing random 0’s and 1’s over the disk 10 times. Depending on how much stuff he has it may be fairly quick to do. But that would still require the investigator to log on to his machine with his OS loaded so the program could load. If the drive was removed it would be a bit tougher. But he could have the drive linked to his TPM chip on his computer and that would require them to use that computer to open it. So unless you get really fancy you’ll probably just use his system to unlock it and at the same time walk right into his trap.
Or what if he used an SSD drive? I believe those are even easier to clean.
And he could have used an onion router to hide his origins. Or he could use an onion router and then use terminal services on a hijacked computer to view the content. Now it would be really tough to track back.
I’m just saying there are still ways to destroy or hide. If you know of ways to track back in the scenerios I detailed I’d like to learn about them.
I would never claim that there is no way to defeat an investigation. But the methods you describe require more sophistication and technical expertise than the average kiddie porn collector appears to have. Are there some, especially the large scale commercial distributors? I'm sure there are, but that is the exception rather than the rule.