It's a wall of text. But I did see you write about a Court appearance.
Now that is where your attorney tells you how to prepare as well as getting help with evidence collection.
This is not something you would take to the open market or forum as it's all about your legal case. Your attorney must guide you here.
HI, I'm hoping someone can shed some knowledge on my situation. I'm in the middle of a nasty divorce and child custody case. I know that all of this might sound unbelievable, but I have some fairly knowledgeable friends who are helping me. So here goes. I was given an iPhone 6s+ under what I now think were suspicious circumstances. My friend, who is friends with my wife, said that she got it as a replacement from asurion (phone insurance co), but had already bought a new one and that they didn't want it back. I strongly believe that the 6s+ was brand new. My wife had been bugging me endlessly to get a phone so I took it. Shouldn't it have come back to my friend, who has Verizon, as a CDMA phone? Well, either way, I never had a chance to activate it. When it got near my desktop Gateway computer at my shop, it showed ATT 28.3, and is attempting to download 7 +/- gigs of god knows what. I have not put a sim card in it. Does that mean that it's trying to install via bluetooth? I only had a few songs and some small files on my iCloud, which has been hacked and emptied. I have charter internet, but I've always just paid the ATT bill to keep my email address because of the hassle of changing over all of the email nonsense. The only line that we have running into the shop is the charter cable line, and a line to the fax. The ATT service is DSL, correct? I have no known ATT routers. Now the phone system is locked out. I don't mean the 6 digit passcode, I mean the 4 digit account pin. It says "yahoo", but I can't get to it. I shut it down and haven't turned it on since (approx. 4 months ago). A week prior I noticed strange activity in the Gateway tower. A Malware scan revealed 1 virus in processes, 0 in modules, 4 in registry keys, 1 in reg. values, 6 in folders, and 24 in files. 341405 objects scanned. a SUPERAntiSpyware scan on 5/10/17 revealed 0 memory, 0 registry out of 72542, and 1041 out of 41811 in files. Right after this Admin. login activity began remotely, with a new computer name and domain. This is when the iPhone activated and began to download. A SUPERAntiSpyware scan on 5/12/17 revealed 0 memory, but now 20 registry out of 76777 and 33 file out of 9369. I did quarantine all of the viruses, but printed a log first. I then pulled the plug on the tower. Because I have to communicate with my attorney, I bought a Lenovo 80R9 running Windows 10. I fired my first attorney due to very unusual behavior, and my new attorney told me on 6/26 that she and my former attorney had a phone conference scheduled for 6/28/17 at 2p.m. On 6/27 the systems log on the Lenovo started to go crazy, with dozens of repeated operations, clock manipulations, Admin. activity, file manipulation, etc. This continued until 6/28, and while I was composing a critical email to my new attorney regarding the inconsistencies of my previous attorney, at approx. 11 am, the entire system crashed, damaging the "C" drive. I copied the bulk of the system logs to thumb drives. I went out and bought an identical Lenovo and had an electrical engineer friend compare the compromised unit to the unused unit. One item that showed up was Winstore.app.exe. We suspect that it was used to manipulate the Admin. accts. It appears to be a Microsoft file but is, at least in this version, not. So now I'm wondering how to find via the event log how the 2 day old Lenovo was forced to crash. Having that evidence in court would be huge. The apple store doesn't get it, they just want to wipe the phone. I want to discover Point of Sale, IP Addresses, Repair logs, pre-installed lock out software, and of course the gigs and gigs of info that have not yet installed. I should mention that I let the ATT service plan (internet 12) go in Feb. I think, but then I got a bill stating that the restoral fee and 2 months have been back payed. By who? Well, according to the credit card, me of course. I also have an iPhone 5 that showed a white screen with black lettering stating that all systems had crashed (now passcode protected), and an older 4 that still works, although I see some unfortable stuff installed on it (mostly porn). I haven't used it in years, I gave it to my son years ago and frequently monitored it. I had a Galaxy S7 edge that my wife smashed, but we extracted some text using the voice command as the screen was destroyed. One day it said" turning on", "accessing files", "remov...." that's as far as they got before I yanked the battery. I see more clearly what is going on here. She has the help of someone in the business of "enforcement", and he's made himself cryptically known and I'm at the receiving end. She's gotten most of the texts with incriminating evidence against her. Meanwhile, she's keeping me from getting online to do what I do best, ebay. My faxes from my wholesale accts. are being re-directed. I made the mistake of buying a new HP fax with direct WiFi, and my employees phone has connected with it and it's transmitted over 8K packets in the few days that it's been on. I've been trying to write on my new Lenovo, which has never been online, has no router connection, and is in Airplane mode has has still had the following processes running: WCNSVC, UPnP device host, Timebroker, TCP/IP netbios helper, SSDP discovery, Remote access auto connect, Network loc. awareness, Network list service, IP Helper, Dist. Link Tracking, Background Transfer, Network broker, WCNC Connect Now, Win HTTP proxy auto connect, Wlan Auto Config. Wyse Remote Access, Wyse cloud, Cryptographic Setup, Must-not-fail remote access fe80::64
f5.vpb.client I.D. Neighbor discovery-ICMPv6-4. This is just one page. So, after all of that, and trust me there is not much more, what in the world am I supposed to do. Court is commings oon.

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic