06. Establishing baseline vs Attack Vectors

Baseline profiling is the key to a better and faster incident handling process. By analyzing different Linux components, core system services, filesystem paths, and other subsystem configurations, you will better understand exactly where attackers can leave backdoors as a persistence method. In this chapter, you will learn about various OS locations and persistence methods, including one-liners and obfuscation, versus live forensics at scale using osquery, Sandfly, Velociraptor, and more.