An administrator needs to capture an exact copy of an employee's hard disk who is suspected of emailing proprietary information. What should the administrator use?

The most suitable tool for capturing an exact copy of an employee's hard disk is 'dd'. This command-line utility is widely used in Unix and Linux environments for low-level copying and backup of files, disks, and partitions. It is capable of creating a bit-for-bit copy of a hard drive, which is essential in forensic investigations, as it ensures that every piece of data, including hidden files and file system metadata, is preserved exactly as it appears on the original device.

Using 'dd' allows the administrator to acquire an image of the hard disk without altering any of the original data, which is critical when dealing with potential evidence in a security investigation. This ability to make an image copy aids in maintaining the integrity of the evidence, allowing for further analysis without risking contamination of the original data.

The other options do not serve this purpose: 'chmod' is a command for changing file permissions, 'dnsenum' is a DNS enumeration tool used for gathering information about DNS records, and 'logger' is used to add entries to the system log. None of these tools would be appropriate for creating a forensic copy of a hard disk.