In 2023, Cado released a blog about how our analysts identified an artifact that will help investigators see what commands were executed by an attacker and the outputs they produced. In this follow-up blog, we will revisit the artifact (ipcTempFile.log) and explore how it is now disabled by default in AWS