Oddbean new post about | logout
 The scenario as proposed is not possible. Not in only 10 minutes, and not without leaving ANY logs. 
 @Enki had a good point though that with remote login they could delete the logs as soon as I got it turned back on maybe? 🤔 
 My MacOS forensics skills are a little rusty, but even that would leave an indication that something happened for someone looking. 

But I don't think you could even get that far if the device is locked and password protected unless you already know the password.