B) I think someone said to look for an energy file. Is it for sure there is going to be such a file and logged info dates/times when laptop was closed? "Look for the energy report etl file. It contains energy consumption details."
That was me and it is true, of course.
D) Confirm that logon type UNLOCK (7) does NOT necessarily mean that he logged on at the keyboard with his fingers and password.
Confirmed. It can also mean that he configured his screensaver not to lock the PC after a defined time. You move a mouse or touch it, and the desktop is open for work. In this case, the OS is logging on the user.
E) HOW do I find what date/time the items were actually SENT TO PRINT.
Have a look in the event logs (source Print) and try to carve the spooler file.
I do not know if they already adjusted for EST or if this is indicating that I need to subtract 5 hours myself.
Figure it out from a defined point in time with a certain event. Let's say "startup" or "reboot": compare the file stamps and check for consistency. Some software works in UTC, some in local time zones… but this is usually recorded.
G) A plausible explanation for what may have happened here..
Impossible without knowledge of all facts.
H) Is there any way to know about these Bing searches…
I have found that his laptop was in SLEEP mode during these search times!
No, sleep mode means sleeping to save energy. During sleep mode nothing happens… or are you able to make a cake while lying in your bed?
Tweedybird, you may have realized that digital forensics is really hard stuff. Most of us have a background from university, are experienced developers or system administrators, and have a huge amount of experience before calling ourselves "Forensic Analysts". To be honest, you are limited by time, knowledge and experience. Your best choice might be to trust the forensic analysts you already hired; only they have parts of the picture and access to the filesystem, registry and memory dumps. As another writer already mentioned, no serious analysis can be made remotely. Sorry, some of us might answer more general questions (as I did above), but nobody here will write the complete story.
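The anchor-event comparison suggested in the reply to the EST question can be scripted. This is an added example, not part of the original post: the anchor values are constructed, and `infer_offset`, the 90-second jitter tolerance and the sample labels are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

QUARTER = timedelta(minutes=15)    # real zone offsets are multiples of 15 minutes
TOLERANCE = timedelta(seconds=90)  # assumed allowable logging jitter between sources

# Constructed sample anchors: (label, event-log time known to be UTC,
# time the tool under question displays for the same event).
ANCHORS = [
    ("startup-1", "2015-01-12 13:02:11", "2015-01-12 08:02:14"),
    ("reboot-1", "2015-01-14 21:40:05", "2015-01-14 16:40:05"),
    ("shutdown-1", "2015-01-15 02:10:30", "2015-01-14 21:10:31"),
    ("startup-2", "2015-01-16 12:00:00", "2015-01-16 12:00:02"),  # disagrees
]

def _parse(text):
    # Both columns are parsed as if UTC so the difference is the displacement.
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def infer_offset(anchors, tolerance=TOLERANCE):
    """Return (offset_hours, outlier_labels) for the displayed timestamps.

    offset_hours == 0.0  -> the tool shows UTC; convert to local time yourself.
    offset_hours == -5.0 -> the tool already shows EST; do not subtract again.
    Anchors that disagree with the majority offset, or drift beyond the
    tolerance, are returned for manual review instead of being averaged away.
    """
    measured = []
    for label, utc_ref, displayed in anchors:
        delta = _parse(displayed) - _parse(utc_ref)
        zone = round(delta / QUARTER) * QUARTER  # snap to nearest 15 minutes
        measured.append((label, zone, abs(delta - zone)))
    common = Counter(zone for _, zone, _ in measured).most_common(1)[0][0]
    outliers = [label for label, zone, jitter in measured
                if zone != common or jitter > tolerance]
    return common.total_seconds() / 3600, outliers

if __name__ == "__main__":
    hours, outliers = infer_offset(ANCHORS)
    print(f"displayed times are UTC{hours:+.2f}h; review manually: {outliers}")
```

An outlier is a finding in its own right: it can indicate a daylight-saving change, a changed clock, or a source that records in a different zone.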