Removing a QRadar Incident Forensics managed host
To change network configuration settings or if there is an issue with seeing the Forensics tab, you can remove the QRadar Incident Forensics managed host (IBM QRadar Incident Forensics Processor) from the QRadar deployment.
If the QRadar Incident Forensics managed host was responsible for forensics recoveries, the data is lost when you re-add the QRadar Incident Forensics Processor.
If you don't remove the QRadar Incident Forensics managed host, but instead it becomes temporarily unresponsive because of power failure or other issue, jobs for the managed host are still scheduled and are processed when the managed host comes back online.