Why is it important to clear the cache after using certutil as a downloader?
When certutil is used to download a file, a copy is saved in the cache directory at `%USERPROFILE%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content`. This cached copy is a forensic trace that defenders can detect. To clear the evidence, you can either delete the files manually or run `certutil.exe -urlcache -split -f <URL> delete`. Related cleanup techniques are discussed in "Penetration Techniques - Clearing Single Records in RecentFileCache.bcf and Amcache.hve".
certutil, cache clearing, forensics, evasion