This certainty cannot be used to put someone in prison as it is just probability based and relies on known data available by possessing a view key.

So outside of this any “tracing” it basically useless and total FUD.

This type of tracing is only possible because it appears the attacker was using a Monerujo wallet with the PocketChange feature enabled, and the input selection algorithm with PocketChange enabled is so horribly busted that at every single step of the withdraw/churn, each tx had at least half a dozen rings with input members from the same originating transaction. Most transactions on-chain do NOT look like this.