I apologize if there’s a good thread with this information. I didn’t see it while searching. So, question one of the companies I work with is looking to set up an internal process to try and disinfect hard drives and recover data which the user didn’t properly back up to the cloud. I don’t have a lot of experience in this area so wanted to ask for best practices from experienced people. Researching it seems like the general rule of thumb is.

Remove the infected hard drive. Connect it up to some kind of VM / Sandbox environment. Use maleware removal/forensic tools. Also see analysis framework tools seem popular to help automate it more and make it easier.

Curios what practices and tools/software people here would recommend and have good experience with. Any direction you can provide would be appreciated.