Jenny is Alex’s girlfriend who grows concerned that she is unable to contact him. This is unusual for him as he always keeps in close contact, even when he is busy.

Jenny has a passcode to the smart door lock which Alex has given her. She only uses the code occasionally when she arrives home earlier than usual, or when his business delays him. Jenny is aware Alex is a drug dealer and enjoys the lifestyle from the money he earns.

Jenny opens the door and notices the windows and curtains are closed. There is an unpleasant smell in the house. Calling out to Alex brings no reply as she walks into the kitchen where she discovers a large pool of blood and what appears to be drag marks towards the internal door to the garage. Looking in the garage, she could not see his car. She frantically searches the house for Alex, however, she can find no sign of him. The contents of the drawers in the bedroom have been tipped onto the floor.

She returns downstairs, and again seeing the large amount of blood next to the table, decides to call the police. This is a difficult call for her as she is aware her boyfriend is a major drug dealer and having police in his home is the last thing Alex would want. However, as she cannot find him, and he is not answering his phone (which directs calls to a message bank), the trashed bedroom, the missing car and the blood trail convince her to call the police.

Upon receiving the call for the police, the controller sends a crew of uniformed officers to the scene. On arrival, they speak to Jenny outside the house and obtain a brief description of what she knows which is: that her boyfriend is missing along with his car, that there is a lot of blood within the house and that the bedroom has been searched with clothing thrown over the floor. The uniform officers are hesitant to enter the house as they do not wish to interfere with the integrity of the crime scene, however, their first priority is the preservation of life.

They ask Jenny whether there is much technology within the house, and she advises that Alex loves his technology. The whole house has been retrofitted to be a fully functioning smart house. Being aware of how smart houses collect data, one officer decides to enter the home to see whether they can locate Alex and provide emergency care. They are aware that there is the possibility of other injured persons within the scene that Jenny did not see, and they have a duty of care to assist them as well. They turn off the Bluetooth and wireless features of their smartphone to prevent leaving their digital footprint.

The constable notes the front door is closed and asks Jenny to open the door. Jenny uses her smartphone to connect to the door and unlocks it from the bottom of the driveway. The constable notes this in their notebook and that the arriving detectives will be interested to know Jenny’s phone has connectivity to the smart scene and could potentially interact with it remotely, affecting its integrity.

Constable 1 places gloves on their hands to avoid the inadvertent transfer of their fingerprints or DNA within the scene and carefully enters the home. They wish to leave the house as close to the way the offender left it, whilst being aware that Jenny had already been through the house looking for Alex. The constable notes that they will need to clearly describe what Jenny did within the house and where she went, so they can explain any changes within the scene caused by Jenny to the first arriving detectives. Constable 1 already has their body-worn camera activated and can capture the scene accurately as they walk through it. The smart technology in the home records their presence.

Upon entering the scene, the officer is careful not to touch anything. Walking into the lounge, they note there is a large amount of blood on the floor, and what appears to be drag marks of a large object from near the table towards the door connecting to the internal garage. As an experienced officer, they know what this means, however, to ensure that no person is present in the house requiring immediate first aid, they open the unlocked internal door to look into the garage, noting there was no vehicle or person there. The officer noted the door to the garage from the main living area of the house was a standard door lock with no smart function or cyber connectivity. The lights in the garage were already turned on, providing a clear view of the garage and its contents.

Upon viewing the garage from the internal doorway, they noted the drag marks continued to the front of the garage where the boot of a car would normally have been, should a car have been driven into the garage in a forward direction. The officer noted the internal light was still on and did not touch the switch as the last person to touch it would most likely have been the offender. The officer also noted this was not a smart sensor light as Jenny explained the rest of the house was fitted with.

After a brief examination of the rest of the house, the officer noted there was no sign of Alex or any other person present. They noted an Amazon Alexa in the lounge area near the blood trail which stood out to the officer as they had purchased and installed one only one week before. They immediately went outside to assist with preserving the crime scene and briefed their supervisor who had just arrived.

D/I Coltrane arrived at the scene promptly, as the first hours of a homicide investigation were critical and they needed to visualize the scene for themselves. She was an “old school” investigator who was well-established as a homicide detective and had recently attended an internal training session on digital evidence at a crime scene.

After an initial briefing from the first responding officers, she decided to place her new training into effect to see what a smart home and its technology could do to assist in a homicide investigation.

All officers present were instructed to turn off the Bluetooth and wireless functions on their phones. The physical crime scene boundaries were set as the residential boundaries, and Coltrane noted the neighbours’ houses were close together meaning the modem/routers may have caught some evidence of the attacker’s phones. Also, many addresses have external facing CCTV cameras and smart door locks containing cameras, as well as cars travelling to and from the address with dashboard cameras, which may have caught some interesting and relevant evidence. The first detectives arriving at the scene were tasked to speak to the occupants of the houses surrounding Alex’s home to identify whether they had any information or knowledge of Alex’s disappearance and conduct a technology audit of the neighbourhood which may help the investigation, as well as identify who has been present at the address over the past 24 hours determine who can be interviewed as a general witness.

Specialist investigators begin to arrive. They have been contacted to ensure their mobile devices have Bluetooth and wireless functions turned off prior to arrival. After an initial briefing, the photographer is then tasked as being the first specialist investigator entering the scene. Their job is to photograph the scene, collect evidence and record it as left by the offender, allowing for the fact Jenny and a first responder officer had already been in the house.

A detective notes Jenny is watching her phone and sees she is watching the photographer enter the lounge as she is connected to the internal CCTV cameras through her phone. Jenny’s phone is secured with her permission as an exhibit and her phone security access details are obtained. The phone is immediately put into ‘flight mode’ to prevent any prospect of an unknown person accessing Jenny’s phone and destroying the content. There is no eSim in the phone.

At this time, the detectives have limited knowledge of the digital evidence within the address and how to limit remote access to it. They also do not have knowledge as to how remote access can be obtained, whether through a connection with a hub and thereby wireless access or directly through a mobile device and a manufacturer’s app. It is very early in the investigation and many questions need to be asked, including identifying the activity of digital devices within and around the scene.

As the crime scene was being photographed, the initial detectives attending the scene were restricted in what they could do. Inquiries into Alex commenced, with background information that he was involved in the importation and distribution of drugs placing a new focus on the investigation.

Area inquiries around the homes surrounding the crime scene is a standard line of investigation and being briefed to obtain a list of technology directed towards Alex’s home was amongst the first lines of inquiries. Being asked to obtain modem/router details was an unusual new line of police inquiry, but they did as they were directed. D/I Coltrane remembered this from her course and was alert to this form of evidence.

The houses directly next to and behind Alex’s home had no data available from the modem/routers as they were standard modems provided by their Internet Service Providers and had limited functionality. Inquiries failed to locate any schedule of remote devices connected successfully or otherwise.

These houses also had limited smart home technology outside of a series of home assistants.

Inquiries at the home directly across the road from Alex’s identified that the homeowner had two children who were heavy online gamers. Subsequently, they had a high-specification modem/router with a separate channel the children used to play their games and a slower channel for the rest of the family to stream multimedia and view web pages. The homeowner did not have any CCTV cameras but had a Ring door lock that directly faced Alex’s home, but unfortunately, its view was obstructed by a tree branch.

They knew the password to their modem/router, and because they had fine-tuned the device for the high demand needs of the family, knew where to find the connection logs. The family operated a whitelist on the device meaning only pre-approved devices were allowed on the home network and these were identified as “Mum’s iPad” for instance. Amongst the logs, they did find an unusual mobile device had attempted to connect. The Media Access Control (MAC) address was recorded and the device name “Sledgeman” appeared next to the identifier. The homeowner had no knowledge of who Sledgeman was, and they had not seen this identifier on their logs before which they viewed regularly as a cyber security feature of their home network.

The detective captured the evidence via a screen recording within the browser of the homeowner’s computer. They also took a series of photographs using a camera which was preserved for crime scene investigations only. A formal statement recorded the evidence with an evidence receipt being issued.

The detective briefed the other members of the team that earlier a person using the name “Sledgeman” had been near the neighbour’s house facing Alex’s residence, however, no one knew anything about this name. Intelligence inquiries were requested through the team’s intelligence officer to see if anyone remotely resembling this name or nickname was associated with Alex, his address or the neighbourhood.

Background inquiries into Alex, Jenny and the address were also being commenced by the homicide intelligence officers to start creating a list of possible suspects. At first glance, the name Sledgeman meant nothing of great value to the investigation team. However, it was a lead and would be examined.

The neighbours could not remember what their Ring online cloud account contact details were, so had to wait for their son who had connected the device to return home. Even though there was a branch in the way of a clear view of Alex’s house, they would view the recordings with the police and see if they could find any evidence of interest. They would contact detectives when this data was available.

Once the photographers had completed their recording of the scene using still and video recording, they briefed the D/I. There were many items of interest to be viewed, and a copy of the still images were downloaded onto an investigation laptop for the D/I to gain an understanding of the inside of the address and what may have happened. These photographs and video images are evidence and are treated accordingly. A later plan is to create a 3D active image of the crime scene to assist later investigations and possible presentation in court.

The D/I examined the images intently looking to see any potential evidence and signs of what happened within the scene. Although she was very interested in personally viewing the scene, there was an established order of events to follow and being a professional officer, was not going to shortcut the proven scene methodology. The scientific officers had entered the scene, and they would be present for a considerable time based on the extensive criminal activity within the images. The D/I saw a collection of clip-seal bags in an image that was consistent with drug distribution, confirming a new aspect of the investigation and potential line on identifying a motive.

The D/I also identified there was a lot of technology within the house and with limited understanding of the operation of these devices, what data they collected and where it was stored, she sought specialist co-operation from the cybercrime detectives and digital forensic examiners.

Intelligence reports the details of Alex’s missing car and patrolling units are advised to be on the lookout for this vehicle. It was noted this was a high-specification vehicle and the D/I wondered whether there was any technology available to assist in it being located. The intelligence officers were tasked with finding this out. Being located within a smart city, inquiries were initiated to identify whether this car had been seen by any of the city’s cameras.

In the first instance, D/I Coltrane tasked the digital expert to conduct a digital audit of the crime scene from the photographs. The house appeared to have a lot of technology that Coltrane was unfamiliar with and had no understanding of its potential value.

The digital expert identified the following items:

• • • CCTV which was likely linked to the home assistant.
    • Home Assistant: Amazon Alexa home assistant which operates as the home hub.
    • Modem/router.
    • Ring door camera.
    • Smart clothes dryer.
    • Smart fridge.
    • Smart front door lock.
    • Smart garage roller door.
    • Smart television.
    • Smart wall plug.
    • Smart washing machine.
    • Smart water meter.

These items were not located:

• • • Laptop.
    • Mobile phone.
    • Motor vehicle.
    • Smartwatch.

Amazon Alexa is used as the speaker/hub to control all the smart devices within the address. Alex had the ability to control the whole house from his phone through apps and used his laptop in the initial setup of the smart home network. Alexa was a silent witness to the crime and may have recorded information. This is in cloud storage and the investigators wish to see whether there is any conversation recorded which may have captured the violent assault.

The username and password were unknown to the team, but Jenny knew it and passed it over to the team. There was no legal authority to access the data stored on or through this device and a detective was tasked with preparing an application to the court for legal authority to access the device and user account. (This will be subject to the laws of your jurisdiction). A formal notification was also submitted to Amazon to preserve all the data held in Alex’s account to prevent it from being deleted by an unknown person.

The history of communication and activity may also be of interest to the investigation team, and they are interested in finding out more about Alex’s background. Jenny does not agree to this and only allows the police to look for the existence of any recordings. As access to the evidence is by the consent of Jenny, police agree to only examine the audio recordings from Alexa. Should evidence be located, then an application to the court may be submitted to gain access to other evidence which may be material to the case, and this will be dependent on the laws of your jurisdiction.

Initial research identifies that smart devices collect little information that is stored within the device; however, data may be stored through the Amazon account as well as the cloud accounts of the connected devices. The cloud account becomes more important to the investigation because a timeline of events can be accessed.

The D/I pauses to review with the team what they know so far. A suspected violent death of a known drug dealer with his car, phone and laptop taken by the attacker who is currently unknown. Alex and his car have not been located. However, GPS technology may be able to provide very valuable evidence of who the offender is and where the suspected deceased body of Alex is.  There are inquiries being undertaken into the located technology, but the results take time to arrive, and, in the meantime, the investigation continues.

It is noted the modem/router is located in the kitchen on the bench and is still active. As it is within the house, access to it is obtainable through the crime scene search warrant authorizing the initial investigation into the suspected crime of homicide. It is legally authorized to access this device and examine the data within. (Check the laws of your jurisdiction). The username and password are known to Jenny as Alex has a consistent username and password across his devices for simplicity.

The digital forensic examiner uses a forensically clean police computer to join the network and types in the network address of 192.168.2.1, which is the device’s Internet Protocol address within the home network. A screen camera is used to record all activity and an atomic clock is shown in the bottom right-hand corner of the forensically sterile computer in order to show the accurate sequence of actions taken when obtaining the evidence. The atomic clock shows the recording is a true image with no later editing undertaken.

The username and password to the router are used to access the internal settings of the modem/router, and a quick search locates a schedule of the active devices on the network as well as devices that have attempted to connect. The Media Access Control (MAC) identifier of each device is recorded, including those which are currently active and those which have previously accessed the network, but are not currently linked. It is noted the MAC address of Apple devices may not necessarily be the same as the physical identifier on the Apple device as they may generate a separate identifier for connectivity.

The examiner works systematically through the internal menu of the router and locates a schedule of devices that have recently tried to connect. They are pleased to identify none of the investigation teams’ phones have attempted to connect after being warned against this action upon arrival. They notice a successful connection with the name Jenny from the previous day and two connections under the name “Sledgeman” with the MAC address listed. Reviewing times back further over the previous 24 hours, they see this name appear at 5:32 PM the previous day and 3:17 AM the following day. Another MAC address belonging to “Potter” is also located, and this is suspected as being the homeowner.

Interestingly, the phone of “Sledgeman” made a successful connection, meaning they had at some time been given the username and password of the home network and given the consent of the owner to access the network. This identifies a relationship of some unknown description between Sledgeman and Alex. Jenny states she does not know anyone of this name.

The scene has a Ring door camera which provides extensive coverage of the approach to the house. Whilst the camera is well located, it provides a real-time feed to the phones of Alex and Jenny with real-time alerts. Jenny advises the police that Alex is very security conscious and has a subscription that records stored footage of activations. This is located on the Ring server and can be viewed remotely.

Jenny has access to the video archive of Alex’s home and can show the officers a person approaching the house. The camera presents an image of the person wearing a hat covering his face who she does not know. The D/I task a digital examiner to obtain this evidence from Jenny’s phone as this is valuable evidence, and they wish it to be obtained in a forensically sound manner. The D/I notes the time the male approaches the address.

Further activations are recorded on the Ring camera about an hour later when the camera observes Alex’s car being reversed out of the garage and several hours later when it returns for a brief period of time.

The D/I noted the large amount of blood at the scene. Their experience as a homicide detective alerted them to the fact the attacker would have a large amount of blood on them, especially as it appears on initial viewing that the body has been dragged from the scene and lifted into the rear of Alex’s car which is still missing.

The D/I speaks to the scientific officers and photographers to identify whether there were any traces of blood anywhere else in the house. The scientific officers note that there were traces of what appeared to be blood in the ensuite shower in Alex’s room. They had collected samples for examination back at the laboratory.

Jenny was asked who uses the shower in the ensuite. This may appear to be a simple question with an obvious answer; however, simple questions must be asked. Jenny replied she and Alex used the bathroom and Alex had recently installed a smart water meter. Alex had explained the smart water meter recorded the use of water in the house and the significant uses.

This data may be obtained through the smart hub, but she also had an app that recorded this data. This was also to be obtained by the digital examiner.

An alert is outstanding for Alex’s car. Checks are made of CCTV for any sign of the vehicle and no officers report any interaction with it over the previous days. Smart road technology is used to see if any police vehicles recorded the vehicle using Automatic Number Plate Recognition, if any speed camera was activated, or if the vehicle appeared on any smart city traffic or security cameras.

The Alex’s phone is missing, and a check is made to identify whether it is online. Initial inquiries from the telecommunication provider show it is, and it is noted that a series of phone calls have been made. The time frame of the inquiry is from the time the unknown male (Sledge) is recorded by the Ring camera walking up to Alex’s front door. The phone numbers of those called are noted and urgent inquiries are made to identify who these people are, who they were talking to and what the conversation was about. These people are ‘persons of interest’ to the investigation, hopefully cooperative witnesses and not hostile to the investigation. Cell tower inquiries are made in an attempt to narrow down a location. The Find My iPhone feature is activated by Jenny who has knowledge of the passwords Alex uses. An address is located, and urgent inquiries are made as to who lives at the address and whether there is any known link to Alex.

Jenny explains that Alex was an avid fitness trainer and had his health data linked to an online fitness group where members encourage each other to obtain their fitness goals. Jenny cannot remember the name of the website but knows Alex always uses his email address as his account identifier where he can.

Knowing a person’s email address opens up a wide variety of online open-source searches to find sites where the email account holder has membership. This provides valuable insight into the personality of the individual and their activities. Using open-source data inquiries, detectives identify the deceased as a member of an online fitness group. The final moments of Alex’s life are recorded from a rapidly elevated heart rate to a steady decline leading to his death.

At this time, initial inquiries have been received from the phone account of Alex obtained from his phone provider post his presumed death, and initial inquiries are being made to identify who was involved in the conversations. Those who have been identified deny any calls and explain they have no knowledge of the call or who Alex is. The production of phone records identifying their phone number refreshes the memory of these contacts and their stories, agreeing they know the number belongs to Alex whom they know socially. All state unconvincingly they were unaware Alex was involved in the drug trade.

When pressed for details, contacts state the recent calls were from a person they did not know calling himself “Sledge” who has taken over the business of Alex. They recalled him saying he was the new boss, and all future contact would be with him.

The D/I tasked the intelligence team to find out as much as they can about Alex and the name “Sledge” which is appearing regularly in the investigation. Social media searches are a standard part of any major investigation, and Alex’s Facebook page was open to view and quickly found.

It was identified he had in excess of 4,000 friends and in a search through the friends list, the name Barry Sledge was found. The following statement was found in ‘Comments’: “Loose ends tied up. Time to step things up a bit. A new boss is in town.”

A view of Alex’s Facebook page has found several comments made after he was believed to be deceased, and images were liked which were inconsistent with his previous habit of not liking any images posted online.

Now Sledge has been identified, there is enough evidence to execute a search warrant at his address once that has been confirmed. He is a person who has had numerous small involvements with police, and his driver’s licence has recently been updated confirming his current address is that which the Find My iPhone feature has identified.

Alex’s car is a very new model Tesla, fitted with the latest security technology. This includes GPS which can be viewed remotely. Unfortunately, Jenny does not have access to the vehicle connection and the investigation team is unable to access the GPS logs. A digital examiner present at the scene states it may be worth the effort to contact the vehicle distributor about the process of obtaining the vehicle’s GPS history.

In the interim, an examination of smart city cameras locates the vehicle heading towards an address where Sledge has been identified as living. The camera is unable to get a clear view of the driver but can confirm the vehicle registration plate.

A later examination of the vehicle, after its recovery, provides access to the vehicle’s GPS records indicating that the manner of driving is consistent with a person driving erratically and provides evidence that Sledge’s phone has been synced to the car. Also, the routes travelled by Sledge once he took control of the car can be accessed and the area where he disposed of Alex’s body is identified.

In review, there is a lot of technology that can be included in the search warrant application identifying Sledge as a suspect in the suspected murder of Alex. Further physical evidence from the investigation of the scene is available, but in this case we will concentrate just on the digital evidence available at this time.

1: The Ring door video captures his image which is identified through police criminal records.

2: The computer modem/router showing a connection to a phone with the name “Sledgeman” at the time of Sledge’s arrival at the home.

3: The smartwatch connected to the fitness tracking website recorded the time of death as well as the sharply elevated heart rate of Alex prior to his death. This is required to prove evidence of a suspected homicide to the court.

4: The Facebook entry of Sledge stating “Loose ends tied up. Time to step things up a bit. A new boss is in town.”

5: Phone records of the phone of Alex where people spoke to Sledge on Alex’s phone post-death.

6: ‘Find my iPhone’ feature showing the phone of the suspected deceased Alex is at an address where Sledge is known to live.

7: Smart city records detailing the identification of Alex’s car being driven in the direction of Sledge’s residence at the time Alex is suspected of being deceased.

8. There is other technology being examined including the Amazon Alexa and the smart devices accessible through Jenny’s mobile phone. These results take time to obtain, and a search warrant cannot wait until every piece of evidence is obtained.

A search warrant is executed at the residential address of Sledge. It is executed first thing in the morning whilst Sledge is sleeping.

Sledge is not at his best as he is recovering from a heavy night on the products he sells to others. Through his haze, he hears that he is suspected of the killing of Alex and disposal of his body. Through his shock, he does not comprehend the other charges being spoken of by the detectives including the stealing of the phone, laptop and car.

He is read his rights and cannot believe the police have located him so quickly. He was convinced he left no traces of his presence and that he was several steps ahead of his competitors and the law.

A detective swiftly locates Alex’s car in the garage, and it is immediately seized as an exhibit. A tow truck is sent to the address for the vehicle to be taken to a safe place for a forensic and digital examination.

Alex’s phone is also quickly found along with his laptop. A large quantity of drugs is also located and seized. Property receipts are issued for each item seized. He makes no comments and refuses to disclose how he came to be in possession of Alex’s property.

Police also seize Sledge’s mobile phone as they are interested in identifying the MAC address of the phone, which will be another piece of evidence to place Sledge at the crime scene.

The seized digital devices may provide a lot of digital evidence to establish what happened at Alex’s home and how he is believed to have died.

Amongst the digital evidence available is the following:

Motor vehicle

• • • GPS locations.
    • Manner of driving.
    • Returning to the address of Alex post-death.
    • Timeline of events such as vehicle start, stop, acceleration etc.
    • Points of interest such as where Sledge went after taking the car.
    • Body disposal site.
    • Sledge phone paired to infotainment unit via Bluetooth.

The police tell Sledge the vehicle will be examined for the crime of murder as it is suspected the body of Alex was removed from his address when Sledge returned to the address in Alex’s car. Sledge was shocked that the police knew he returned to the address and the time he did so.

Phone (Alex)

• • • Access to smart devices including the hub.
    • Apps on the phone.
    • Apps used at specific times including the length of use.
    • Battery usage.
    • Client list.
    • Chat and communication.
    • Connectivity and setup of smart devices in his home.
    • Encrypted messages.
    • First app used when the phone was activated.
    • GPS records through apps.
    • MAC address.
    • Most frequently used apps.
    • Online storage connectivity.
    • Passwords.
    • Phone communication with Alex.
    • Plain text communications.
    • Social media connection and usage.

Phone (Sledge)

• • • Apps on the phone.
    • Apps used at specific times including the length of use.
    • Battery usage.
    • Chat and communication.
    • Client list.
    • Encrypted messages.
    • First app used when the phone activated.
    • GPS records through apps.
    • MAC address.
    • Most frequently used apps.
    • Passwords.
    • Phone communication with Alex.
    • Plain text communications.
    • Significant Locations.
    • Social media connection and usage.
    • List of Wi-Fi connections including Alex’s residence.

Laptop

• • • Backup of the phone of Alex stored in iTunes.
    • Communication between Alex and Sledge.
    • Documents.
    • Internet history.
    • Online storage connectivity.
    • Passwords.

It is identified Alex mainly used his mobile devices for internet based activity. The laptop was used, but as a secondary device.

The phones were forensically examined using Cellebrite,^[1] an industry-standard application for the examination of mobile devices. A full bit-by-bit image of the two devices was made with the output directed to a new forensically clean external storage device in a forensically sound manner. Conducting a full bit-by-bit image of a phone will take a lot longer than a logical image (files and folders only), however in the investigation of a suspected homicide, the highest and most exacting standards of investigation processes are required.

Alex’s phone reveals evidence of communication through the apps. Remnants of contacts and communications are found on the phone operating system indicating an examination of the encrypted apps is required. This will be required to be conducted in an online environment if the examination application version does not have internet search capabilities.

It is noted from an examination of the timeline of activities on the phone logs that there was a connection to Alex’s internet banking at a time when his smartphone suggests his heart rate had stopped. This led to inquiries about the bank account of Alex, as well as of Sledge who is the person suspected of being in control of the phone at the time the link to the internet banking was made.

The phone also shows the health data which corroborates the smartwatch and shows a timeline of the heart rate activity of Alex in the leadup to his suspected death. This is consistent with the data obtained from the online fitness tracker.

The phone also links to Alex’s Google account which, because location services are activated, shows the GPS movements of the device, including where Sledge went once he had control of the phone of Alex. Of special note, the investigation team will be able to identify a site suspected of being used for the disposal of Alex’s body. This will be coordinated by the GPS data from Alex’s motor vehicle.

An examination of the phone of Sledge corroborates the GPS data from the phone of Alex and the vehicle. His MAC address corroborates that from the modem/router at the home of Alex as well as the neighbour.

The timeline examination on Sledge’s phone shows he ordered a ride share and inquiries with the company show he was picked up from his address and dropped off around the corner from Alex’s house in the minutes before the Ring door camera identified him walking up to the front door. The pathway from the ride-share drop-off point passes the neighbour’s house where his MAC address was located by the resident’s modem/router.

Sledge has his GPS coordinates activated on his phone that show he conducted a search for a location that matches Alex’s vehicle’s GPS coordinates after returning to Alex’s address and taking the car. This is suspected by the detectives to be the body disposal site. This location also appears on the Significant Locations feature with the date and time he was present.

An examination of Sledge’s phone’s operating system also locates evidence of communication associated with the sale of drugs. This provides evidence to seek a court order to examine the online accounts of Alex and Sledge.

Social media is a common source of evidence, and the battery shows Sledge logged onto Facebook an hour after the suspected death of Alex. Although the phone does not show what he did on Facebook, the time is consistent with the entry visible on Facebook where Sledge advises there is a new boss in town. The phone also provides access to the messages of Sledge, providing evidence of his drug dealing history.

The phone of Alex also shows a series of calls to the clients of Alex post his death. This is consistent with the phone records previously received.

The phone and car GPS coordinates show where Sledge travelled and a search of the location by the police was successful in locating the body of Alex.