Yes.

of course he can

When in 2009 there was a campaign to ban the gambling business, including through the Internet, the providers together sent requests to the police and the prosecutor's office, referring to the law on communications (the practice is on the website of the arbitration court). So the answer is 50 to 50, depending on whether the case is initiated and how serious it is. If the murders, the attack, then yes, if any garbage, then rather no than yes.

technically, with a properly prepared infrastructure - yes.

As far as I remember, according to the law, we store statistics for the last six months, but usually they are archived and it is possible to look at a very long period.
A request usually comes from the police in the framework of some kind of case, not answering it is very fraught.

As an administrator of several providers, I will answer yes, firstly, the provider is obliged to store this information by law, and secondly, SORM is installed on the providers. In addition, not only who sent it, but also where, how much and even what was in the packets, the type of traffic, if the traffic is not encrypted, then, with proper configuration, also the contents of the packets. The provider regularly responds to similar requests, since not answering is fraught with the loss of a license and other anal punishments (roughly speaking, the provider will respond if it does not translate the arrows correctly).