It's nice to see a reasonable proposal. If you are going to present criminal evidence based on the output of a computer system, it is only reasonable to demand access to a bug tracker, the QMS control documents, audits, and a chain of custody. If you can't produce that easily, then your evidence shouldn't be worth much.

The big win would in this case would be that when the vendor conspired to hide bugs from their own tracker, they would have been creating criminal liability for their employers. Which Fujitsu and their subs richly deserve.