Usually, you cannot determine the user.
The web server log could in principle also log user information; however, only when it understands the authentication information. This is typically not the case for Plone's authentication cookies.
Same applies to the
Z2.log, even though this is written inside Zope. The
ZServer component which writes those log entries, is not integrated with the authentication component (I have written a local extension to change this).
I have not much hope that you will be able to determine who has downloaded the sensible file.