From the numerous correspondences I have had with people who have been compromised (due to their PC being infected, and a perpetrator watching their screen in real time in HU matches, AIM/email compromises, etc), the best way to detect such things, is obviously a statistical analysis of hand histories (ie noah SD); but there will be room for doubt even if it is done, if as David said in teh OP the perpetrator has poker knowledge to mask the obv (calling down with 10 high etc). the nail in the coffin though, if we had access, is statistical correlation of account information, I currently have a web analysis, of current suspected cheaters (email, aim, IPs, suspected geolcation, modus operandi etc) the only real way to get to prove guilt though is 100% cooperation w/ the sites so we can look at chip dumping, association with other accounts, limits played, time of activity on teh account etc.
http://www.paterva.com/web5/
might come in handy if anyone is into these things