Your question can be separated to two different needs:
- Avoiding identification / tracability
- Avoiding detection of unusual activity
This can be implemented in many levels, and depends on context. When someone steals a car, they might want to cover their hands and faces to avoid identification, and pick the alarm to avoid detection.
When communicating over the Internet, your primary identifier is your IP address. There are other identifiers, these can be things like how your OS calculates TCP windows size and ISN, browser cookies, resolution, caching etc. The amount of differentiation that every identifier provides about you varies: Your IP address is unique, but there might be more than one person in the world using Windows 10 x64 build 1703 with a 1920x1080 screen. If someone suspects that you’re switching IPs, they can use these fingerprinting techniques to track you.
Once they have your IP, they get a warrant, someone makes a phone call to your ISP and it’s game over.
The basic things you can do is use Tor. Tor is a software package that relays your connections over a special anonymizing network, randomizing the route and encrypting your information so that every node only knows the IP from which it received data and where to send it. By relaying connections over multiple nodes, it would be quite difficult to know where traffic originated from. Other forms of anonymizing methods are using SOCKS proxies and VPN.
Avoiding detection is also context dependent - when attacking a machine there are many ways to get caught. There’s IPS / IDS for hosts, networks and web applications, Antivirus software will try to catch your exploits and payloads etc. The operating system has built-in logging facilities that log a lot of actions. Network administrators can use tools that automatically collect these logs and analyze them to find suspicious activity like unknown process creation, outgoing connections, logins, startup items, new user accounts etc. To avoid detection you need to collect information about your target and study the environment before performing actions so you know what’s going to trigger security events.
There are techniques that can be used to hide files, processes, connections etc, usually requiring administrator access.
Once someone suspects that a host is compromised they will start looking for evidence, depending on their incentive, skills, time and resources. Forensics teams can extract information from hard drives so these days people are talking about fileless malware. Live memory can be extracted too, but the process is more involved.