None of the documents contained private keys or phrases he was actually really secure about this kind of stuff
If there is no paper trail of any (well hidden!) seed phrases or passwords, then the password manager could indeed be the best place to search.
However:
he had sent a password for a site or something and its like $5dcjdken5#hd84 generated from a password manager
Proper passwords are meant to withstand brute-forcing, and this sounds like a strong password. If the master password is like this, it may very well be impossible to recover.
doesn’t mind waiting a few weeks or something so wallet inactivity could be seen
None of that is going to matter if a decent password was used.