You shouldn't keep the VM, even if encrypted. Delete it after use and overwrite the free space, to be sure. If you need to use it multiple times, script the install.
Also have Tor on the same VM, for sending any data. Register every account in the VM via Tor. Get a free Gmail / GDrive / OneDrive account. Store your password in KeePass and use rclone with encryption. Use a passphrase to encrypt.
Only access via Tor again.
Dispose of the VMs after every use. You want no evidence at all on your computers.
But the one big bit of evidence that you can't easily get around with this is the business he set up and transferred money from. Would need to offshore it, in a country that doesn't check details, transfer the money to crypto (Monero or something, not Bitcoin first). Then only transfer bits at a time when you need money; don't go spending way beyond what you should be able to.