[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

25 Jan 2012

Definitions

Quoting from Anton Chuvakin's slides from his 2006 presentation at FIRST:

Log analysis is (the) trying to make sense of system and network logs.

Computer forensics is (the) application of the scientific method to digital media in order to establish factual information for judicial review.

So...

Log forensics is (the) trying to make sense of system and network logs, in order to establish factual information for judicial review.

Makes sense; maybe I've been googling for the wrong keywords all this time! Until lately, I've been looking at this field largely from a data mining viewpoint.

28 May 2011

Dynamic conversion of epoch timestamps in logs

While processing logs or other text, you may come across timestamps in epoch format (seconds since 1970-01-01 00:00:00 UTC). Online converters exist, but they are the wrong tool if the timestamps have to stay private (you would be handing them to a third party) or if you have thousands or millions of them to convert.

Free tools like Splunk are one option (and yes, it converts epoch timestamps for you automatically), but there's always our "humble" awk. :D
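As an added example (not code from the original post), here is the awk approach carried through: a filter that rewrites an epoch value in the first field of each line as ISO-8601 UTC, offline, using nothing but POSIX awk. It deliberately avoids gawk's strftime() and date(1), so it behaves the same on any box and never sends the timestamps anywhere. The sample log lines are constructed for the example; the function name epoch_to_iso and the "epoch in field 1" layout are assumptions.

```sh
#!/bin/sh
# Rewrite epoch timestamps in the first field of each log line as ISO-8601 UTC,
# offline, with nothing but POSIX awk (no gawk strftime, no date(1), no web service).
epoch_to_iso() {
  awk '
  # Hinnant civil_from_days: days since 1970-01-01 -> YYYY-MM-DD (proleptic Gregorian)
  function civil(days,   z, era, doe, yoe, y, doy, mp, d, m) {
    z   = days + 719468
    era = int((z >= 0 ? z : z - 146096) / 146097)
    doe = z - era * 146097
    yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
    y   = yoe + era * 400
    doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
    mp  = int((5 * doy + 2) / 153)
    d   = doy - int((153 * mp + 2) / 5) + 1
    m   = (mp < 10) ? mp + 3 : mp - 9
    if (m <= 2) y++
    return sprintf("%04d-%02d-%02d", y, m, d)
  }
  # Split an epoch value into date and time of day; fractional seconds are truncated
  function iso(ts,   days, rem) {
    days = int(ts / 86400)
    rem  = ts - days * 86400
    return civil(days) "T" sprintf("%02d:%02d:%02dZ", int(rem / 3600), int((rem % 3600) / 60), int(rem % 60))
  }
  # Only touch a first field that is all digits (optionally .fraction) and has 9 to 11
  # digits, i.e. 1973 onward: this avoids mangling small numbers such as PIDs or counters
  $1 ~ /^[0-9]+(\.[0-9]+)?$/ && $1 + 0 >= 100000000 && $1 + 0 < 100000000000 { $1 = iso($1 + 0) }
  { print }
  '
}

# Constructed sample input (not from the original post): epoch in field 1, then the message.
# Lines whose first field is not an epoch pass through untouched.
sample_lines() {
  cat <<'EOF'
1306540800 sshd[2201]: Failed password for root from 203.0.113.5 port 40022 ssh2
1306544461.250 kernel: eth0: link up
2011-05-28 already converted, left alone
EOF
}

sample_lines | epoch_to_iso
```

Run it as `epoch_to_iso < app.log`. The output is always UTC; if the log producer wrote local-time epochs (it should not, but some do), add the offset before converting rather than after, and note that awk rebuilds the line with single-space field separators when it rewrites field 1.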

4 Apr 2011

Profiling of persistent SSHD brute force attack

Setting up logging properly and reviewing the logs regularly tells you what is really happening on the box you have sitting out there on the internet, and lets you anticipate when bad things are about to happen. One of the warning signs is that someone has been poking around the box, looking for an (easy?) way in.

What typically jumps out is that this someone has been hitting your box in far higher volumes, and for far longer, than normal, especially on services that nobody else should be accessing at all.

Here is one example of such access on a Linux box: SSHD brute forcing over a long period of time.
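As an added example (not code from the original post), here is the kind of profiling the post describes, done with awk over syslog-style sshd lines: for each source IP it counts "Failed password" attempts, the number of distinct usernames tried, and the first and last timestamp seen, then reports only sources at or above a threshold. The sample auth.log lines are constructed for the example, and the function names profile_ssh_bruteforce and sample_log are assumptions.

```sh
#!/bin/sh
# Profile sshd password failures per source IP from syslog-style auth.log lines:
# how many attempts, how many distinct usernames were tried, and the first/last
# timestamp seen, so a slow, persistent brute force stands out from a one-off typo.
# Usage: profile_ssh_bruteforce MIN_ATTEMPTS < /var/log/auth.log
profile_ssh_bruteforce() {
  awk -v min="${1:-10}" '
  /sshd\[[0-9]+\]: Failed password for / {
    # Username is either "for <user> from" or "for invalid user <user> from"
    for (i = 1; i <= NF; i++) if ($i == "for") { user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1); break }
    for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
    ts = $1 " " $2 " " $3            # syslog month, day, HH:MM:SS (no year)
    attempts[ip]++
    if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    if (!(ip in first)) first[ip] = ts
    last[ip] = ts                    # relies on the log being in chronological order
  }
  END {
    for (ip in attempts)
      if (attempts[ip] >= min)
        printf "%s attempts=%d users=%d first=\"%s\" last=\"%s\"\n", ip, attempts[ip], users[ip], first[ip], last[ip]
  }
  ' | sort
}

# Constructed sample auth.log lines (not from the original post). Note the successful
# publickey login from a different host, which must not be counted.
sample_log() {
  cat <<'EOF'
May 28 01:02:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
May 28 01:02:05 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 40031 ssh2
May 28 01:02:07 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 40040 ssh2
May 28 03:15:44 web1 sshd[2310]: Failed password for root from 203.0.113.5 port 41100 ssh2
May 28 03:20:11 web1 sshd[2315]: Accepted publickey for deploy from 198.51.100.7 port 52010 ssh2
May 28 04:00:01 web1 sshd[2400]: Failed password for bob from 198.51.100.9 port 50001 ssh2
EOF
}

sample_log | profile_ssh_bruteforce 3
```

Two caveats when pointing this at a real auth.log: syslog timestamps carry no year, so a span that crosses New Year needs the year added (or a daemon that logs ISO timestamps), and sshd emits other failure lines ("Invalid user", "Connection closed by ... [preauth]") that this filter ignores, so the attempt counts are a lower bound. The interesting signal for a persistent brute force is a wide first/last span combined with many usernames from one source, not just a high count in one burst.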