@ehBeth,
That's true for something like an E-mail, where every server that forwards the message writes to the message header.
It's also much easier to perform forensics on corporate systems, since most corporate environments will keep activity logs.
On a home system, with just a wireless router that doesn't keep any logs, it's much more difficult to trace what happens.
If search history were modified (including the file creation and modification dates), and the remote access program were deleted (and random data written over the file location), it would be difficult to show that any manipulation took place.