its not hard to know, read the warrent request.
time of events..
early on (maybe spring 2013) investigators found by searching the history of bitcointalk the username altoid advertising SR, he had RossU's email in the profile. also on a website for coding support a person asking for code to secure a onion site that sounded like SR also had the same Gmail.
investigators got the IP addresses from google and traced it to san fransisco, which is where i presume they blacklisted him with airports, mail couriers etc..
they then, using IP addresses and RossU's computer domain (login) 'frosty' to get into SR. and then clone the server data.
at same point the courier (mail company) came across a package addressed to RossU which as part of standard security, opened and found fake ID's.. homeland security then went and asked him about the ID's, to which he replied along the lines of 'anyone that knows me could have made these ID's to implicate me as a silkroad user'
then later july-september investigators went through all of the server data, starting with members numbers and transaction data and later on began reading private messages. thats when they came across the hitman messages. and decided it was time to bring him in for questioning..
there.. that saves u a few pages of reading..(check dates, it all flows perfectly in this manner)
There is a timeline of events available, but it's taken from the court documents which are public.
One thing we don't know at the moment is what was in the - as yet unsealed - original documents filed in Maryland (the first documents relating to the case were filed in May).
Likewise, the criminal complaint from Maryland specifically states that the information supplied is purely to establish probable cause - they certainly have more information than is supplied in that complaint.
Enough mistakes were made that DPR could have been caught through the human errors he made and the technological measures outlined in the complaint and the indictment. It is highly likely that some operational information will not be made public until the trial, if at all, but some of it can be inferred.
For example, in order for DPR to be convinced that the former employee had been killed that employee had to co-operate with law enforcement in staging the photos sent to DPR and in remaining out of sight afterwards (he essentially had to abandon his old life). I'd co-operate with them too if confronted with evidence that my former employer was trying to have me killed, but his co-operation isn't explicitly mentioned as a source of any of the information provided to the grand jury.
And yeah, it's really, really stupid to assume that Tor and PGP are magical invisibility cloaks. They might be great for hiding your penchant for porn or messages to your mistress from your wife, but if maintaining secrecy is absolutely critical then assuming that they're impenetrable is kind of stupid. Just as we can solve cold cases because advances in processing physical evidence mean we can make decades old physical evidence speak to use, we need to assume that technological evidence collected now can be made to disgorge its secrets sooner rather than later.
