To verify that copies were altered, they'd need to have a trusted original to compare it with.
Date and time stamps can be easily manipulated, though, alteration could leave a forensics trail on the filesystem.
Checksums are probably a more reliable means of comparison. If the checksums of both copies of the same file match, there is reasonable expectation that they contain the very same content.
As long as there is a copy of the imaged hard drive somewhere, the data can be found.
Also, if messages were sent and received, there may be recoverable information on the sender's computer, the recipient's computer, the message service servers, message relay servers, and from log files on each.
Also, if there were backup copies made, those backups could be another potential source.
There are also organizations crawl the Internet to save copies and snapshots of websites and web pages. Archive.org is well known. Then there are bad actors scraping the Internet for nefarious capture of data, such as 9chan.
Electronic communications leave many breadcrumbs and artifacts in many places, some of which are unexpected or unknown.