Internet traffic comes through an ISP, a service provider, who has a router. That router assigns IP addresses to its customers, who also have routers. (These can either be static, or permanent, or vary by session through something called DHCP). What an IP address trace does is to get you through the ISP's router to the home router, usually through the logs on the ISP's router.
The home router has multiple computers attached to it. It has its own little bag of IP addresses that are different from the one used at the vendor (this is NAT, or network address translation). Its job is to take traffic sent to it by its common IP address and split it up into the various computers hooked up to it. Only here is there a hook between the IP address the vendor knows about and the one assigned to the computer. This information can be logged but seldom is because who would read it?
So that's where the IP trace breaks down. The investigator knows that the illegal traffic reached the home router, which is registered to whoever has the account at the vendor. That's all the investigator knows.
What happened at that home router level to divvy that traffic up to the ultimate destination is normally not recoverable, although for routers managed by IT staff at places like companies, it can be. For home routers, not so much; they either don't log it at all or the logs roll over from limited storage space.
So what happens is that the guy with the computer hits his home router, offers his only unique, hardware-level ID known as a MAC address (machine access code), is matched to an IP address by the home router that is good only for that session (it's actually called a "lease"). For the duration of that session only, the connection is traceable all the way from source to destination. When the session ends, the IP address assigned by the home router is recycled.
That's why there were different IP addresses and the true route was probably not recoverable. But it was enough to tell the investigator that something attached to the home router received the illegal traffic, probably enough for a search warrant. Again, only guessing, but it was probably the presence of the illegal material itself on the guy's computer that resulted in the conviction.
All of this is not true all the time for all setups, so this is nothing more than a guess. But that's why the guy's computer had a different IP address from the furthest one the investigator could trace. The guy registered to the home router was also the last guy the investigator could trace to. But he wasn't the perp, and I doubt if anyone even tried to charge him because it wouldn't have stood up in court.
God, this is still IT gibberish, I'm sorry. Welcome to my world. :-(
Thank you. I’m still a bit confused but I’m an illiterate when it comes to technical stuff dealing with computers.