What specific digital artifacts from Crooks’ devices were cited by the FBI as evidence of solo planning?
Executive summary
Public reporting shows the FBI gained access to Thomas Matthew Crooks’ phone and other electronic devices and reported finding online searches (including queries about political leaders and mass shootings) while continuing to analyze emails, gaming and messaging accounts, and browser history [1] [2] [3]. However, available FBI statements and contemporaneous press reports do not cite any specific digital artifact as definitive proof that Crooks planned or acted alone; officials said they had not "immediately found clear evidence" of motive or connections to others [2] [1].
1. What the FBI publicly said it accessed and looked at
Within days of the attack the FBI announced that technical specialists had “gained access” to Crooks’ phone and were analyzing multiple electronic devices, explicitly listing email accounts, gaming accounts, messaging platforms, social media accounts and online search histories as lines of inquiry — language the bureau used when describing the scope of its digital review rather than declaring any single artifact dispositive [1] [2].
2. Concrete artifacts reported in public sources: online searches and account types
The clearest, repeatedly reported artifacts from Crooks’ devices are online search queries — media reporting and fact-checkers cite the FBI as noting searches for political leaders including Joe Biden and Donald Trump, and for past mass shootings — and the presence of various account types under review (email, gaming, messaging, social media) and browser history, all of which the bureau said it was examining for motive and potential co-conspirators [1] [2].
3. What the FBI did not say: no public claim of an artifact proving “solo planning”
Despite the rapid access to devices, the FBI did not publicly point to any single file, message thread, calendar entry, purchase record, or technical artifact and declare it to be proof that Crooks planned the attack alone; New York Times reporting cited by outlets said lab technicians "did not immediately find clear evidence of a potential motive" or new details about "possible connections to other people," indicating the bureau had not made a conclusive public linkage from artifacts to solo planning [2].
4. Technical context and investigative caveats offered by reporters and specialists
Security and forensics reporting noted that modern phone-hacking tools and FBI forensic resources can quickly extract texts, emails, notes, calendars, browsing histories and app data — the categories investigators routinely mine for intent and association — but those same sources stress that presence of searches or isolated materials does not automatically indicate collaboration or sole authorship of a plot, and that deeper analysis (forensic timelines, metadata, network traces) is necessary to support claims of solo planning [3] [4].
5. Speculation versus what was officially reported
Independent technology commentators and digital-forensics vendors outlined a long list of artifacts investigators would typically seek (notes, purchase histories, crypto transactions, decrypted messages), and tools (e.g., Cellebrite, Belkasoft) that might be used to extract them, but such industry explanations are hypothetical and not equivalent to FBI assertions that specific artifacts in Crooks’ devices demonstrated he acted alone [4] [5].
6. Bottom line: public record shows searches and account data were reviewed, not proof of solo planning
Available, sourced reporting shows the FBI unlocked Crooks’ phone, analyzed searches and multiple account types, and continued to hunt for motive and connections; public statements and credible reporting stop short of attributing any identified digital artifact as conclusive evidence that Crooks planned the attack solo, leaving open the possibility that further forensic work (not yet publicly disclosed) could change that assessment [1] [2] [3].