Indicating infected snapshots in a snapshot chain

What is claimed is: 1. A method, comprising: identifying, in respective snapshot chains for respective computing objects of a plurality of computing objects, a most recent, non-infected snapshot, wherein the identifying comprises mounting snapshots in the respective snapshot chains and determining whether the mounted snapshots are infected by malware, and wherein a first computing object of the plurality of computing objects is a first virtual machine, a first file system, a first database, or a first network attached storage system, and a second computing object of the plurality of computing objects is a second virtual machine, a second file system, a second database, or a second network attached storage system; displaying a graphical user interface showing: at least a portion of the respective snapshot chains, wherein the respective snapshot chains are represented as one or more individual snapshots, and wherein a representation of an individual snapshot indicates whether the individual snapshot is infected with malware, and across the respective snapshot chains, a cut line delineating infected snapshots from non-infected snapshots, wherein snapshots above the cut line are restricted from being recovered; receiving a command to recover, for the respective computing objects, non-infected data; and recovering, in response to the command, for the respective computing objects, a non-infected snapshot from the respective snapshot chains in accordance with the cut line. 2. The method of claim 1 , wherein the identifying comprises: mounting the snapshots in the respective snapshot chains in reverse chronological order. 3. The method of claim 2 , wherein the mounting and the determining is repeated until at least one non-infected snapshot in the respective snapshot chains is identified. 4. The method of claim 2 , wherein the mounting and the determining is repeated past at least one non-infected snapshot in the respective snapshot chains being identified. 5. The method of claim 1 , further comprising: repeating the identifying for all computing objects in a system. 6. The method of claim 1 , wherein the determining comprises: applying YARA rules and hash matching to a mounted snapshot. 7. The method of claim 1 , wherein mounting the snapshots comprises mounting the snapshots in a sandboxed virtual machine. 8. The method of claim 1 , further comprising: hydrating data in a mounted snapshot before the determining. 9. An apparatus, comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the apparatus to: identify, in respective snapshot chains for respective computing objects of a plurality of computing objects, a most recent, non-infected snapshot, wherein the identifying comprises mounting snapshots in the respective snapshot chains and determining whether the mounted snapshots are infected by malware, and wherein a first computing object of the plurality of computing objects is a first virtual machine, a first file system, a first database, or a first network attached storage system, and a second computing object of the plurality of computing objects is a second virtual machine, a second file system, a second database, or a second network attached storage system; display a graphical user interface showing: at least a portion of the respective snapshot chains, wherein the respective snapshot chains are represented as one or more individual snapshots, and wherein a representation of an individual snapshot indicates whether the individual snapshot is infected with malware, and across the respective snapshot chains, a cut line delineating infected snapshots from non-infected snapshots, wherein snapshots above the cut line are restricted from being recovered; receive a command to recover, for the respective computing objects, non-infected data; and recover, in response to the command, for the respective computing objects, a non-infected snapshot from the respective snapshot chains in accordance with the cut line. 10. The apparatus of claim 9 , wherein, to identify the most recent snapshot, the instructions are further executable by the processor to cause the apparatus to: mount the snapshots in the respective snapshot chains in reverse chronological order. 11. The apparatus of claim 10 , wherein the instructions are further executable by the processor to cause the apparatus to: repeat the mounting and the determining until at least one non-infected snapshot in the respective snapshot chains is identified. 12. The apparatus of claim 10 , wherein the instructions are further executable by the processor to cause the apparatus to: repeat the mounting and the determining past at least one non-infected snapshot in the respective snapshot chains being identified. 13. The apparatus of claim 9 , wherein the instructions are further executable by the processor to cause the apparatus to: repeat the identifying for all computing objects in a system. 14. The apparatus of claim 9 , wherein, to determine whether the snapshots are infected by the malware, the instructions are further executable by the processor to cause the apparatus to: apply YARA rules and hash matching to a mounted snapshot. 15. The apparatus of claim 9 , wherein, to mount the snapshots, the instructions are further executable by the processor to cause the apparatus to mount the snapshots in a sandboxed virtual machine. 16. The apparatus of claim 9 , wherein the instructions are further executable by the processor to cause the apparatus to: hydrate data in a mounted snapshot before the determining. 17. The apparatus of claim 9 , wherein the instructions to display the graphical user interface are further executable by the processor to cause the apparatus to: display an indication of whether a snapshot is encrypted by malware as determined by a measure of entropy of the snapshot. 18. A non-transitory, computer-readable medium storing code comprising instructions executable by a processor of a device to cause the device to: identify, in respective snapshot chains for respective computing objects of a plurality of computing objects, a most recent, non-infected snapshot, wherein the identifying comprises mounting snapshots in the respective snapshot chains and determining whether the mounted snapshots are infected by malware, and wherein a first computing object of the plurality of computing objects is a first virtual machine, a first file system, a first database, or a first network attached storage system, and a second computing object of the plurality of computing objects is a second virtual machine, a second file system, a second database, or a second network attached storage system; display a graphical user interface showing: at least a portion of the respective snapshot chains, wherein the respective snapshot chains are represented as one or more individual snapshots, and wherein a representation of an individual snapshot indicates whether the individual snapshot is infected with malware, and across the respective snapshot chains, a cut line delineating infected snapshots from non-infected snapshots, wherein snapshots above the cut line are restricted from being recovered; receive a command to recover, for the respective computing objects, non-infected data; and recover, in response to the command, for the respective computing objects, a non-infected snapshot from the respective snapshot chains in accordance with the cut line.