In the event of a security incident involving unauthorized access to sensitive data in an AWS S3 bucket, how would you use AWS CloudTrail and Amazon Athena to analyze the logs and identify the source of the breach? Describe the steps you would take to ensure a detailed and efficient investigation.