According to the CHFI v11 objectives underComputer Forensics Fundamentals,Forensic Readiness, andIncident Response Integration, forensic readiness refers to an organization’s ability toefficiently collect, preserve, analyze, and present digital evidencewhile minimizing the cost and impact of investigations. A lack of forensic readiness primarily affects how well an organization can respond to, investigate, and legally defend itself after an incident—not whether the incident causes operational disruption.

System downtime(Option B) is adirect operational impact of a cyberattack, such as a DDoS attack, ransomware infection, or system compromise. While poor preparedness may prolong recovery, downtime itself is not caused by the absence of forensic readiness; it is caused by the attack’s technical and operational effects. Therefore, system downtime isnota consequence of lacking forensic readiness.

In contrast, the other options are well-documented consequences of poor forensic readiness in CHFI v11. Lack of preparation often results ininability to collect legally sound evidence(Option D), which affects court admissibility.Limited collaboration with legal and IT teams(Option C) occurs when roles, procedures, and escalation paths are not predefined. Additionally, without proper controls and monitoring,data manipulation, deletion, and theft(Option A) may go undetected or untraceable.

The CHFI Exam Blueprint v4 emphasizes forensic readiness as a strategic capability focused onevidence integrity, compliance, and investigative efficiency, not on preventing or causing system downtime, making Option B the correct and exam-aligned answer