Originally Posted by joshd
Trace IP's... hand to police... Jail time.
Note, most traffic from DDoS attacks are from botnets. Meaning even if you managed to work out the actual IPs, get the physical location of that device at the that time, you'd be prosecuting relatively innocent, unknowing citizens. Considering the average scale of a DDoS, you'd be looking at a 2-3% successful verdict rate, which is just ridiculous.
So no, IPs alone are not enough to prosecute anyone. Referencing IPs with say, common service usage, like facebook/google sessions might be more accurate, but it would have to be pretty damn complex, require public/private integration. And even then, once a legitimate DoS'er is aware of this, they'll have a multitude of ways to spoof that information too.