DNS is one of those protocols that we, as DFIR practitioners, take for granted. Operationally, if DNS resolution is working properly, we're happy. Many organizations, however, fail to utilize DNS logs and associated intelligence within their response and investigative activities. This is in part due to the perceived lack of value associated with DNS logs and its associated features, such as name server, WHOIS, and hosting information, and more often due to the unavailability of the logs. This talk will present several tools (both commercial and open source) to help manage the deluge of information on even the smallest of budgets. We will also discuss how to enrich your data with valuable intelligence from freely available sources. Finally, this talk will highlight some real world investigative techniques where DNS and its associated features were used to add clarity to DFIR investigations.