I'm not aware of any such log, and it there was one, it would probably say that "root" modified the root password. Not much help there.
The 3 ways I've seen this occur:
1). A Sys Admin intended to change the password for a different user, but accidentally changed root's password, and didn't notice.
2). The system has been hacked from external source (check /usr/adm/syslog for lots of "sshd" connection attempts).
3). The root login is used so seldom that nobody remembers the password.
"Proof that there is intelligent life in Oregon. Well, Life anyway.