Utah Real Estate Agent Kouri Richins Sentenced to Life After iPhone Searches Reveal Murder Plot

Context Richins’ husband Eric died in March 2022 from a fentanyl overdose. Police seized her primary iPhone weeks later and found deleted text messages and cell‑tower pings that placed her near the scene. In April 2022 she bought a replacement iPhone and began a series of searches that prosecutors later presented as evidence of intent to conceal the crime.

Key Facts Prosecutors highlighted five queries from Richins’ second iPhone: "can you delete everytginv off an old iphind without actually having ut," "can deleted text messages be retrieved from an iphone," "how.to.compleltley.wipe.a.iphkne.clear remotely," "can cops force you to do a lie detector test," and "women utah prison." A digital‑forensics investigator testified that additional searches on the same device showed attempts to learn how to erase data and avoid detection. The search history, combined with the deleted messages and location data, convinced the jury that Richins pre‑planned the murder and hoped to collect undisclosed life‑insurance policies.

What It Means The case illustrates how mobile device artifacts—search queries, logs, and deleted data—can become decisive evidence in criminal investigations. For defenders, it underscores the importance of preserving mobile forensic readiness. Recommended steps include: enabling full‑disk encryption with a strong passcode, disabling iCloud or other cloud backups that could be wiped remotely, configuring mobile device management (MDM) solutions to log uninstallation attempts and remote‑wipe commands, and monitoring for indicators of T1070 (Indicator Removal) and T1562.001 (Disable or Modify Tools) as defined in MITRE ATT&CK. Organizations should also ensure forensic tools are updated to recover data from APFS snapshots and consider regular backups to a secure, offline store.

Investigators should watch for evolving mobile‑forensics tools that can recover deleted data even after remote‑wipe attempts.