The preservation record includes repeated letters, emails, and fax notices directed to government and vendor custodians.
The public captures establish the interface state visible at the recorded times. They do not identify a human actor or prove backend causation by themselves.
That is why the preservation demands target access logs, WAF and CDN records, database and application logs, deployment history, vendor tickets, retention actions, administrator events, and before-and-after content records.