How would you investigate suspicious activity on a Linux system compared with a Windows system at T-Mobile?