I guess that's what the court case is for. But bear with me for a while here.
I have worked in SQL development, but I'd be damned if I could get a random laptop to connect to a random company's network. Let's assume this guy is similar to me - knows a company laptop can connect to the company network, but wouldn't know where to start to get another laptop to. The file? Sure, it could be transferred, don't know why they would bother mentioning it, unless by "file" they actually mean it had an auto-log in system of some sort, or saved passwords, or something similar, more than just a .txt.
Now let's assume the company network keeps logs of what computers are connected (which seems reasonable), by what means (eg which wifi access point), and who those laptops were issued to. Let's also assume they have some CCTV, hence the accusation of trespassing. This all seems pretty likely.
We already know he used someone else's account, presumably for a test, before he left.
From those bits of information, it is pretty trivial to build a fairly damning case, and of course there may well be plenty of important bits of information missing.
Sure, any one of those could be explained away (mac spoofing, can't prove he has the laptop, maybe he stayed out of CCTV view, maybe he had a legit reason to use the other person's account leading up to his departure...) but together, it seems to paint a pretty obvious picture.