In recent years, "we found ourselves involved in every imaginable classification of traditional crimes, from murder to the whole scope of criminal behavior, because AOL was used to communicate or there is some trace evidence," said Christopher Bubb, assistant general counsel at AOL.

Investigators have found new ways to identify people who visit Web sites anonymously or use a false identity. Many Web sites keep a log of all user activity, and they record the Internet Protocol address of each user. I.P. addresses are assigned in blocks to Internet service providers, who use them to route information to the computers of their users. If an investigator determines the I.P. address used by a suspect, he can subpoena the Internet provider for the identity of the user associated with that address at a particular date and time.

For example, in investigating a bomb threat at a Canadian high school in 2002, Mr. Ohm approached the operator of a message board in California on which the threats were placed. He asked to review the log monitoring each user's activities, which showed the Internet Protocol address of the person who left the threatening message. Mr. Ohm used that address in turn to determine the suspect's Internet service provider, who identified a teenager who had posted the message. (As a minor, he was not prosecuted.)

While Internet evidence has been used to solve some crimes, there have also been examples of mistakes in the process. Last year, Manchester Technologies, a company in Hauppauge, N.Y., sued Ronald Kuhlman Jr. and Kim Loviglio, claiming they had posted messages on a Web site that defamed its chief executive.

Manchester had identified Mr. Kuhlman and Ms. Loviglio based on information provided by Cablevision, their Internet provider, which incorrectly associated their account with the Internet Protocol address used to make the postings. Manchester dropped its suit against Mr. Kuhlman and Ms. Loviglio, who in turn sued Cablevision. That case was settled for undisclosed terms, their lawyer, Mark Murray, said.

The 1996 law that governs privacy for telephones, Internet use and faxes -- the Electronic Communications Privacy Act -- provides varying degrees of protection for online information. It generally requires a court order for investigators to read e-mail, although the law is inconsistent on this, treating unopened items differently from those previously read. The standard to compel an Internet service provider to provide identifying information about an Internet user is lower -- in general, an investigator needs a subpoena, which can be signed by a prosecutor, not a judge. (And the USA Patriot Act allows some of these procedures to be waived when lives are at risk.) By comparison, domestic first-class mail requires a search warrant to be opened.

In cases in which investigators want to intercept Internet communication as it occurs, they must get the same authorization needed for a telephone wiretap, which requires continuing court monitoring. In 2004, there were 49 cases of computer or fax transmissions being monitored under these procedures, according to federal statistics (which exclude national security cases).