Increasingly it seems that law enforcement and forensic analysts are attempting to identify cyber data breaches by linking source IP addresses to independent 3rd party databases which also may have important contact information. While this technique may not yield matches all the time and analysts need to deal with static and dynamic IP addresses, some very large databases do exist today and have been used effectively to do this. With only a few matches this can be used to identify cyber criminals. We have used Consolidata.net along with advanced link analysis to accomplish this. Click here
and then on "Cyber Security Video" to see a use of advanced link analysis integrated with Consolidata to do this type of work. I would be interested in your perspectives on this approach.