Definitions
Quoting from Anton Chuvakin's slides in his presentation in 2006 at FIRST:
Log analysis is (the) trying to make sense of system and network logs.
Computer forensics is (the) application of the scientific method to digital media in order to establish factual information for judicial review.
So...
Log forensics is (the) trying to make sense of system and network logs, in order to establish factual information for judicial review.
Makes sense, maybe I've been googling for the wrong keywords all this time! Till of late, I've been looking at this field largely from a data mining viewpoint.
Things to do before (and when) you lose your phone
Had the harrowing experience of losing a phone for a while. Coupled with having to look for it in the rain (could have been dropped somewhere), it's certainly not something anyone would want to go through.
Just like in incident response, two things held true:
- If you don't have an "incident" response plan, you're only going to panic (a lot more) when it happens.
- Doing an AAR helps!
There're things that can be done to make the loss/theft of your phone a lot less traumatic, and possibly less painful if you really don't get your phone back. They happen to be the things that you could do when you get a new phone.
Preparing for what should not happen:
- Note down IMEI of phone (dial *#06#)
- Set up phone tracking/remote lockdown. Apple users have MobileMe / iCloud for iOS. There are ways to do so for Android too. Remember to set a good password which is not reused anywhere else!
- Note down details of the taxis that you board (taxi company, license plate, make/model of taxi). Takes getting used to though.

What to do when phone's stolen/lost (in order)
- DON'T PANIC, knee jerk reactions are not what you want!
- Recall when you last used/saw the phone. Retrace your steps and narrow down the possibilities on where to search. Confirm that it was indeed dropped somewhere/in the taxi.
- Lock phone remotely if you can, and haven't locked it already (Apple's Find My iPhone allows you to do that if you've set it up already). For the average Joe who picks up the phone, it makes the world of difference between a phone that he/she can use straight away and one that he/she is better off returning.
- Call at 5-15 minute intervals to locate the phone or draw someone's attention to it. Don't call non-stop: there's no point in spamming your phone, especially if it results in a flat battery, which leaves you worse off.
- Leave a message for any would-be finder to be able to contact you and return the phone. You could use the phone tracker, or simply SMS/WhatsApp/etc. Many phones show the message contents without having to unlock the screen (!!!).
- Locate the phone, mainly to see if it's trivially retrievable (left on the floor somewhere, or the taxi is stationary), or for the police report to come later.
- Call for help (taxi company). There's an awesome list of Singapore taxi companies' numbers out there.
- Lodge reports, especially when your chances of getting the phone back are slim, or when it's been a while since you've been able to find it/get it back. For the phone itself (property) and any other items of importance that were lost together with it, like identity cards, call the police or make use of the SPF's e-services to lodge a report. Credit cards that were with the phone should be cancelled regardless of whether you get the phone back or not, since there's a high likelihood that someone else has seen your CC number and CVV. You do NOT want to go through the additional heartache and trouble of undoing credit card transactions by the unscrupulous.
That's all for now. Stay safe, and stay calm.
Edit: I guess if this happens you could just skip straight to locking the phone and calling the police.

Where are the discussions on analyzing logs in DFIR?
It's funny how much (or rather, little) is talked about in DFIR circles about analyzing logs before/during an incident.
While it is really sexy (oh yeah!) to be able to dig out stuff from a computer that Joe or that pesky malware writer tried to hide, responding to incidents requires information to be surfaced as much and fast as possible in order to solve the mystery and contain the damage. And for organization-scale incidents, one great source of information would be the logs generated from the various endpoints/perimeter devices.
So far there's the area of SIEMs and log management, where we get the heavyweights like Anton Chuvakin. The closest could perhaps be SANS' network forensics course offerings, but the coverage is glancing at best. But looking for discussions in terms of analyzing logs specifically for DFIR, zilch. Perhaps I'm looking at the wrong areas; if so, do let me know.
As with many security-related domains, the more an area is publicly shared, researched and discussed, the more the good guys stand to gain. The flip side argument being that the bad guys are reading the same stuff too, but that's another topic to be visited another time.
Till then, will share whatever I can about this area that I've learnt so far. It's really a curious monster in itself amongst DFIR efforts.