PPRuNe Forums - View Single Post - Malaysian Airlines MH370 contact lost
Old 25th Mar 2014, 23:50
#8085
Mahatma Kote
Join Date: Oct 2007
Location: Antipodes Islands
Posts: 94
It is not uncommon for forensic investigations to take weeks
While factually true, it's not relevant to what will have been discovered by now.

In my day-job I'm a cyber-forensic analyst. The very first thing I'd do on that drive is run a timeliner - a program that extracts file events from the life of the drive. That is, accesses, deletions, creations, moves, etc. Timelining is, by file-system nature, incomplete but usually accurate. Luckily, deletion events tend to hang around and, also luckily, ensembles of events can give a pretty good picture of what happened even if many individual events are missing.

Timeliners can be run in minutes.

The investigators will already know with a high degree of certainty the macro events that happened on the drives over the past weeks and months. For instance installation or deletion of packages and system updates and when programs were last used. They will also have been able to recover most of the recently deleted files and fragments of files deleted some time ago (months to years).

They will have a full record of internet activity, including web sites visited and search terms used. They will even have 'image' snapshots of many of the pages visited.

One thing that makes it more difficult is use of a secure deletion program. The actual content of files will be gone, but many of the file events will remain. Secure deletion would be a serious red flag for investigators.

In conclusion, they already know everything they need to know / can know about the data.
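A minimal timeliner of the kind the post describes, added here as an illustration and not the poster's own tool: it expands constructed Sleuth Kit style body-file records (sample data, not from any real drive) into per-file access/modify/change/create events, keeps a 'deleted' event for entries carrying the fls-style ' (deleted)' name suffix, and then infers a macro event (a probable package install) from an ensemble of creations even though other events may be missing. The window and file-count thresholds are assumptions chosen for the sample.

```python
# Minimal file-system timeliner in the spirit of the post above (added example).
# Input: constructed Sleuth Kit style body-file lines, not data from any real drive:
#   MD5|name|inode|mode|uid|gid|size|atime|mtime|ctime|crtime
from collections import defaultdict

BODY = """\
0|/usr/lib/pkg/a.so|101|r/rrwxr-xr-x|0|0|4096|1395700000|1395700000|1395700000|1395700000
0|/usr/lib/pkg/b.so|102|r/rrwxr-xr-x|0|0|2048|1395700010|1395700010|1395700010|1395700010
0|/usr/lib/pkg/c.so|103|r/rrwxr-xr-x|0|0|8192|1395700020|1395700020|1395700020|1395700020
0|/home/u/notes.txt (deleted)|300|r/rrw-r--r--|1000|1000|120|1395790000|1395780000|1395790000|1395600000
0|/home/u/report.doc|301|r/rrw-r--r--|1000|1000|50000|1395800500|1395650000|1395650000|1395650000
"""

def parse_body(text):
    """Expand each record into sorted (timestamp, event, path) tuples.
    Every file yields four MACB events; a name ending in ' (deleted)'
    (fls convention) additionally yields a 'deleted' event, using ctime as
    the closest available proxy for the unlink time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        path = f[1]
        for ts, kind in zip(f[7:11], ("accessed", "modified", "changed", "created")):
            events.append((int(ts), kind, path))
        if path.endswith("(deleted)"):
            events.append((int(f[9]), "deleted", path))
    return sorted(events)

def macro_events(events, window=60, min_files=3):
    """Infer macro events from ensembles of low-level ones: `min_files` or
    more creations under one directory within `window` seconds is reported
    as a probable package install, even if other events are missing."""
    creations = defaultdict(list)
    for ts, kind, path in events:
        if kind == "created":
            creations[path.rsplit("/", 1)[0]].append(ts)
    found = []
    for directory, stamps in creations.items():
        stamps.sort()
        if len(stamps) >= min_files and stamps[-1] - stamps[0] <= window:
            found.append((stamps[0], f"probable install of {len(stamps)} files under {directory}"))
    return sorted(found)

if __name__ == "__main__":
    timeline = parse_body(BODY)
    for entry in timeline + macro_events(timeline):
        print(*entry)
```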