Hi. We have a Nutanix server with Qilin (AES-256/RSA-4096) ransomware incident. The server is compromised, so we extracted the physical disks apart. Someone can give details or links to reconstruct a virtual filesystem as a single raw ext3, ext4 or qcows2 filesystem to run autopsy or et. al. We have the tools, the experience, the equipment but we do not have the knowledge nor the tools to convert from ADFS distributed cloud filesystem to single volume / disk filesystem as extX, vmfs, LVM, … Nutanix server has 3 nodes, each node with 3 hard disks, so, it seems an RF=2 configuration. And please avoid suggestions as contact attackers, contact specialists, contact someone else, use the same server, use recoverit, recuva, testdisk ... We are the specialists and need help to deal with ADFS offline