It is a good idea to write notes during validation of a VM in ransomware recovery, to document your findings for yourself and for others on your team.

When you start a VM in validation, it is considered an 'iteration'. Every time you change snapshots of the VM in validation, it is considered a new iteration.

For each iteration of VM validation, you can write notes to document which VM snapshots are good and which are bad. You can also describe what methods you used to recover a VM or files, such as removing malicious files or patching malware during scans.

You can add iteration notes in the VM info panel for any of the iterations:

User notes panel.