Link to the whole declaration of FBI agent that lead the SR investigation
http://ia700603.us.archive.org/21/items/gov.uscourts.nysd.422824/gov.uscourts.nysd.422824.57.0.pdfTL;DR:
- CAPTCHA on SR site wasn't configured correctly with TOR and leaked the IP of the server
- Server was in Iceland, Icelandic authorities helped the FBI to get server backups etc
- In that backups there were IPs to other backup servers (some USA, some foreign) and FBI got that too
- At that point, Ulbricht was "only" the lead suspect
- They used pen registers (routing only, no contents) to confirm the identity by checking when he was online on the ISP + IPs/ports used and when he was online at the SR forum
- After that they arrested him