Digital investigation of security incidents in the context of wireless networks, has scarcely interested the recent research works. The existing schemes, which were developed for wireline networks, are unable to address the mobility of attackers, the lack of infrastructure, and the evidence collection in hostile environment. To cope with multihop systems, digital investigation schemes require cooperative mechanisms and techniques for evidences collection and analysis.

We propose in this paper a framework for digital investigation of security incidents in the context of MANet. A cooperative observation network, composed of randomly distributed investigator nodes, is set up to monitor nodes mobility, topology variation, and patterns of executed actions. A set of techniques to aggregate, merge, and analyze evidences is proposed to reconstruct potential attack scenarios and identify paths of packets transfer.