You are going to have to dig into the data. IE create a query that have both tables, the data on the computer/user/TDG and then the other table that links the evidence. I did this once long time ago, so I will have to dust off the steps. The problem is writing the filter so you don't get all the other data that comes with it. HIPS and pulling all the parameters data comes to mind as an example.
The other option is to create a view in the SQL DB, then your ePO Query to call the view by hand-writing the XLM. I was going to have to do this again, but was a few months down the road, I see if I can't bump this up.
have you check query-others-DLP Events ?
Sorry, I don't have evidence collection on my test system yet to demo at this time.