When investigating an attack from a specific IP address, what techniques are used to gather information on that IP address. Obviously the typical whois query and IP information lookup are a must, but what else can be done to singleout a potential threat.
Also, when an attacker's IP address is registered to an online service (like AOL in this case), what measures can be taken to specially identify the attacker? I'm aware of AOL's Dynamically Assigned Hardware Addressing, so when a client disconnects the IP is usually reassigned, but I would imagine they would keep a log of IP's to their respective users at specific times.