If you are ready to pursue possible criminal charges against the attacker, collect the best evidence you can and call your local or national authorities tasked with following up on Internet crime. In the United States, contact your local FBI field office. They will direct you to the appropriate division. It makes sense to have the appropriate numbers researched and documented ahead of time. From the time that you make the call, follow the recommendations of law enforcement.
One of the reasons that it helps to bring in law enforcement is getting the legal authority to track the attack back to the originator. Law enforcement can help with finding the bot net's command-and-control (C&C) servers, which might lead to the hacker. Using the detailed traffic you have collected, you should be able to identify some of the originating IP addresses of the bot attack traffic. You (or law enforcement) can contact the owner of the IP addresses and request a forensic copy of the malware, which can be dissected to find the C&C server's IP address, which in turn can be used to find the hacker's origination address.
To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done.