said by globus999:If you show up in a courtroom with this information I am laughing all the way to the bank. I can shred it to pieces since you have ZERO, let me repeat this ZERO verifiable, documented, evidence that the software / process / your training can pinpoint my IP accurately and reproducibly. Game over!
IPs are directly observable information just like license plates on cars, there is no need for any fancy tools to "pinpoint" it, they are right there in plain-text and the bittorrent handshake tells the peer exactly what torrent the incoming peer connection is interested in the first 30 or so bytes of application-layer traffic.
The main difficulty is the short-lived nature of the 'live' evidence since it leaves no visible traces for re-examination once activity stops, which is often less than an hour after it started with torrents... short of seizing the subscriber equipment and tracker servers for forensic inspection before all traces are overwritten.