Windows Baselining and Remote System Assessment: For the Low-low Price of Free-ninety-free

  • Friday, 16 Feb 2018 1:00PM EST (16 Feb 2018 18:00 UTC)
  • Speakers: John Strand, Chris Pizor

One of the primary pieces of advice given regarding Incident Response and Digital Forensics is to know normal, because knowing normal is what lets you find evil. Today's enterprises are often full of disparate one-off user workstations and different server builds. In this jungle of operating system configurations, when the administrators are asked whether they have baseline documentation for any of them, the resounding answer is usually a sharp "No" accompanied by veiled chuckles. This presentation will cover the data points that should be part of your system baseline and multiple commands used to gather them. Examples will be provided using the traditional Windows command prompt, the Windows Management Instrumentation Command-line (WMIC), and PowerShell, along with some reasons why you may need or want to use one versus another. Lastly, we will discuss the MITRE CALDERA automated adversary emulation system and how it can be leveraged to test endpoint security as well as the effectiveness of your baselines. It doesn't take expensive tools or an exorbitant amount of time to see marked increases in your Incident Response and Threat Hunting effectiveness.
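As an added illustration of the "know normal" approach described in the abstract (this is example code written for this page, not material from the webcast or its speakers), the PowerShell script below snapshots a handful of baseline data points on a Windows host (services, Run-key autoruns, scheduled tasks, listening TCP ports and local Administrators group membership), saves them as JSON, and on later runs reports anything added or removed relative to the saved baseline. The baseline path under C:\Baselines and the particular set of data points are assumptions; it uses only built-in cmdlets (Get-CimInstance, Get-ItemProperty, Get-ScheduledTask, Get-NetTCPConnection, Get-LocalGroupMember) and needs Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the webcast): snapshot baseline data points and diff them
# against a previously saved snapshot. Run from an elevated prompt so every
# service path, task action and owning process is visible.
param(
    # Assumed location for the per-host baseline; adjust for your environment.
    [string]$BaselinePath = "C:\Baselines\$env:COMPUTERNAME.json",
    [switch]$Update   # overwrite the stored baseline with the current state
)

function Get-BaselineSnapshot {
    # Every section is a sorted array of strings so the diff is stable and readable.
    $snap = [ordered]@{}

    # Services: name, start mode and binary path. WMIC equivalent from cmd:
    #   wmic service get name,startmode,pathname
    $snap.Services = @(Get-CimInstance Win32_Service |
        ForEach-Object { "$($_.Name)|$($_.StartMode)|$($_.PathName)" } | Sort-Object)

    # Autoruns from the common Run/RunOnce keys (PS* are provider noise, not values).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $snap.AutoRuns = @(foreach ($key in $runKeys) {
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |
                ForEach-Object { "$key|$($_.Name)|$($_.Value)" }
        }
    } | Sort-Object)

    # Scheduled tasks with state and the executables their actions launch.
    $snap.ScheduledTasks = @(Get-ScheduledTask | ForEach-Object {
        $exe = ($_.Actions | ForEach-Object { $_.Execute }) -join ';'
        "$($_.TaskPath)$($_.TaskName)|$($_.State)|$exe"
    } | Sort-Object)

    # Listening TCP sockets and the process that owns each one.
    $snap.Listeners = @(Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "$($_.LocalAddress):$($_.LocalPort)|$($proc.ProcessName)"
    } | Sort-Object -Unique)

    # Members of the local Administrators group (users, groups, or unresolved SIDs).
    $snap.LocalAdmins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.ObjectClass)|$($_.Name)" } | Sort-Object)

    return $snap
}

function Compare-Baseline {
    # Emits one record per item that appears in only one of the two snapshots.
    param($Baseline, $Current)
    foreach ($section in $Current.Keys) {
        $old = @($Baseline.$section)
        $new = @($Current.$section)
        # HashSets avoid Compare-Object's empty-array edge cases and scale linearly.
        $oldSet = [System.Collections.Generic.HashSet[string]]::new([string[]]$old)
        $newSet = [System.Collections.Generic.HashSet[string]]::new([string[]]$new)
        foreach ($item in $new) {
            if (-not $oldSet.Contains($item)) {
                [pscustomobject]@{ Section = $section; Change = 'ADDED';   Item = $item }
            }
        }
        foreach ($item in $old) {
            if (-not $newSet.Contains($item)) {
                [pscustomobject]@{ Section = $section; Change = 'REMOVED'; Item = $item }
            }
        }
    }
}

$current = Get-BaselineSnapshot
if ($Update -or -not (Test-Path $BaselinePath)) {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Host "Baseline written to $BaselinePath"
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $changes = @(Compare-Baseline -Baseline $baseline -Current $current)
    if ($changes.Count -eq 0) {
        Write-Host "No drift from baseline at $BaselinePath"
    } else {
        $changes | Sort-Object Section, Change | Format-Table -AutoSize
    }
}
```

Run it once on a freshly built host to record the baseline, then re-run it (or schedule it) to surface drift; a new service binary outside C:\Windows, a new Run-key entry, an unexpected listener or an extra member of Administrators shows up as an ADDED line without any third-party tooling. Storing the JSON off-box (a file share or version control) keeps an intruder who owns the host from quietly rewriting the baseline to match their changes.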