I just have had a Windows 11 virus struck device (SOURCE) HP Elite 800 Mini Desktop G9 512SSD that I wanted to take a full image of, and check that it will boot in Hyper-V.

This is the process:

Download the latest CloneZilla and copy it to a USB Key using rufus in DD mode

Login to the Windows 11 SOURCE Device and remove BitLocker encryption (CloneZilla won't image it properly if it is encrypted)

Disable-BitLocker -MountPoint "C:"

Boot to BIOS of SOURCE and disable secure boot (this allows CloneZilla to boot), set the CloneZilla USB key as the first boot device

Plug a large external USB drive into SOURCE. This will serve as the target for the CloneZilla partition snapshots

Using the Clonezilla non-advanced settings take a full image of the C: drive of SOURCE and all its parts with the large external USB drive as the target. I think it is the device-image wizard options for CloneZilla.

On Windows 11 HOST create a 1TB VHDX file and mount it on the HOST, initialize and format it as NTFS, copy the CloneZilla files to the 1TB VHDX

After the file copy is complete unmount the 1TB VHDX from the HOST OS

Create a Gen 2 Hyper-V Guest VM with a hard drive the same size as the original device, in my case this was 512GB. DO NOT add a Virtual Switch to stop the virus infected GUEST OS from talking to the network. Also add the 1TB VHDX drive into the VM

Disable secure boot in the VM settings and boot the VM using the CloneZilla ISO.

Restore the CloneZilla Image from the 1TB drive onto the 512GB VHDX

After CloneZilla finishes, Shutdown the GUEST and detach the 1TB VHDX drive.

Boot the Hyper-V GUEST and wait a long while, while it sorts its new hardware out.

You should now have a working Hyper-V Guest

Delete the 1TB VHDX from your HOST storage.