Imagine you are part of an incident response team dealing with a compromised AWS EC2 instance. How would you utilize AWS CloudTrail and AWS Config to investigate and document the incident? Describe the steps you would take to ensure a thorough investigation and the recovery of the compromised instance.