SSH (Secure Shell)is specifically designed to provide anencrypted channelover an untrusted network. In digital forensics and incident response, SSH is well known for supportingtunneling/port forwarding, where traffic for another protocol (for example, HTTP, database connections, or remote desktop) is encapsulated inside an SSH session. Because the SSH session encrypts payload data (and can also protect authentication and command content), the tunneled traffic becomesobfuscated to network monitoring toolsthat can only see metadata such as source/destination IPs, port numbers (often TCP/22), timing, and byte counts. This capability is frequently discussed in forensic references as a mechanism that can hinder content inspection and complicate attribution of user actions purely from packet payload analysis.
By contrast,SNMPis primarily for network management and monitoring, not secure tunneling.ARPresolves IP-to-MAC addresses on local networks and does not provide encryption or tunneling.UDPis a transport protocol that can carry data for many applications but provides no built-in security or tunneling features by itself. Therefore, the protocol that creates secure tunneling enabling content obfuscation isSSH (C).
event logs) to establish user intent and sequence of actions. Therefore, the correct option isBrowsingHistoryView (B).
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit