Once the authorities have made that determination they than subpeona the ISP for the server logs, which are date-time stamped.
Dial-up connections include built-in caller id within the communication servers (modem pools) and make it relatively easy to trace back to the user, dynamic IP assignments for broadband connections take a little bit more work to trace, static IP connections are more easiliy traced back to the user.
Assuming the ISP keeps the logs. And assuming law enforcement gets a subpoena on the logs before the relevant records expire and are deleted (which may be 48 hours, or two weeks, or four ... or they may be permanently archived on backup tapes, who knows).
An earlier story noted the FBI was involved in the investigation, let's hope they've brought some of their War On Terror experience to the table.
Although it was never explicitly reported (you had to read between the lines), the Moos are not a computer-savvy as believed, and the Dan Pearl murderers were nabbed because they were sending Hotmails with the source IP embedded in the header, which pointed back to an Internet cafe in Karachi. IIRC a similar thing with Kalid Sheik Mohammad.
Let's hope someone in this investigation is on the ball.