A company's legacy application, hosted on a single Amazon EC2 instance, uses an IAM access key embedded in its code to access an Amazon S3 bucket named DOC-EXAMPLE-BUCKET1. The access key is authorized for s3:GetObject permissions on all objects within this bucket. Due to security policy violations, the application has been decommissioned. The company has AWS CloudTrail enabled across all regions, with logs being delivered to another S3 bucket named DOC-EXAMPLE-BUCKET2, but without integration to Amazon CloudWatch Logs. The company seeks to ascertain whether any objects in DOC-EXAMPLE-BUCKET1 were accessed using the IAM access key within the last 60 days, and specifically, if any text files (.txt) in the bucket contain personally identifiable information (PII). What steps should the security engineer undertake to collect this information?