The Mac address would not be the key evidence used in a prosecution. IP addresses are usually the target. Something has to lead law enforcement to the attacker and that’s usually the IP address. If an attacker’s main form of hiding is to spoof his Mac address, he is wasting his time. Once law enforcement confiscates the computer, they will begin forensics. If the Mac address is the one hard coded in the card, that’s helpful, especially if there might be a house hold with several internet connections. If its not, they will look for things like software that changes Mac addresses. If that’s found, even though you might have spoofed your Mac ID, you are not off the hook. One thing I have noticed with sloppy attackers is they forget they have a lot of “hacking” programs on their box and that’s even more incriminating when they get caught than having an identified Mac address. Maybe the card had a different Mac ID than what was logged, but they find 3 programs for changing Mac addresses, that’s going to look bad. The best attackers remove their hard drive and hide it after their attack. If there box is taken away to be inspected, more than likely all they would see is a hard drive full of Disney movies. Movies legally downloaded of course, lol.