You need to investigate a potential security incident where a former employee may have used a service account key for unauthorized access to Google Cloud resources within the last two months. How should you proceed to confirm this access and identify the user's activities?