Two of the most successful methods are bots and honey pots. The former is designed to crawl websites and networks looking for keywords, MD5 hashes, filenames, and tags which identify possibly illegal file sharing. After compiling a list the human counterpart can download it and determine if it is indeed a pirated copy, and if so jot down who the uploader(s) was/were by IP address. The latter is more controversial as files will be uploaded, purporting themselves to be pirated content, but in fact are tracking decoys with a log kept of everyone who downloads it. Of course publishers rarely get their own hands dirty, passing this job off to third-parties which occasionally have their own dedicated servers for catching pirates, but it's a nice sting operation just the same. The hard part is tracking down the individuals, as they initially have to launch the lawsuits against Jane and John Doe in order to force the ISPs to release the information in most cases due to consumer privacy laws.


P.S. For some nice reading on this process look into the RIAA's enforcement partner MediaDefender.