Yes, that would have been better. Probably Caine for the investigation: https://www.caine-live.net/

I haven't messed around with Caine enough to know what I'm doing though. I also don't know how to remove windows malware from a linux iso live environment.

Now as far as the "even safer don't run windows" side of this, I feel this is missing the point.

The point is, I was hacked and still didn't lose my Bitcoin

This is because I have a multi-sig with other computers that are turned off and never connect to the internet.

That all being said, I have thought about it after this attack, and yes I think my windows computer needs to be a full watch and broadcast only wallet rather than a 1 sign and many watch wallet.