Take full screenshots of every terminal and store them in a file called Terminals - all. This is a backup should you miss an exact screenshot and cannot go back and get it during the reporting process.

Once you have the full attack path, retrace your steps and make sure you have notes for ALL steps that lead to successful privesc, clearly noted and screenshotted with an underlying understanding of the technology and the vulnerability at work.

Left-click: follow link, Right-click: select node, Scroll: zoom