This paper investigates distributed denial of service attacks using non-address-spoofing flood (NASF) over mobile ad hoc networks (MANET). Detection features based on statistical analysis of IDS log files and flow rate information are proposed. Detection of NASF attack is evaluated using three metrics, including detection ratio, detection time and false detection rate. Thus, the proposed framework address important issues in forensic science to identify what and when does the attack occur. Different NASF attack patterns with different network throughput degradations are simulated and examined in this paper.