Basically unless there's an audit trail somewhere to trace stuff back then it's impossible, however even when there's some sort of trail it's still very hard to trace as this may be spread over several different countries and hundreds of computers.
Although if you can't work out the previous step in the trail then it's pretty much unto the authorities which may or may not be co-operative. For example, reporting a DDoS 3 months after it happens, with an investigation starting in another month - ah I'd say it's nearly impossible.
Even in some situations you may be able to trace it back to something like a router at an ISP, but it might not be logging who performed actions on it. (But you'd expect the ISP to tighten up security a bit).
But yeah, at the end of the day, no matter how qualified you are it still relies on way too many factors and variables for it to be easy and often it's simply impossible.