GrayKey
What is GrayKey?
GrayKeyA dedicated hardware-and-software appliance from Grayshift (now Magnet Forensics) used by law enforcement to unlock and extract data from locked iOS and Android devices.
GrayKey is a forensic device created by Grayshift, acquired by Magnet Forensics in 2023. The box connects to a seized iPhone or Android phone over Lightning, USB-C or Type-A and runs exploit chains plus passcode-brute-force logic to obtain a full file-system or partial extraction. After unlock, GrayKey produces a structured evidence package that can be parsed in Magnet AXIOM, Cellebrite or open-source tools. The product is sold strictly to vetted government and law-enforcement customers, with on-premise and Edition (offline) variants. Its existence has driven Apple's lockdown features (USB Restricted Mode, Stolen Device Protection) and ongoing privacy debate.
● Examples
- 01
Police running a GrayKey extraction against a passcode-locked iPhone seized during an investigation.
- 02
Importing a GrayKey image into Magnet AXIOM Process to parse iOS keychain and Messages databases.
● Frequently asked questions
What is GrayKey?
A dedicated hardware-and-software appliance from Grayshift (now Magnet Forensics) used by law enforcement to unlock and extract data from locked iOS and Android devices. It belongs to the Forensics & IR category of cybersecurity.
What does GrayKey mean?
A dedicated hardware-and-software appliance from Grayshift (now Magnet Forensics) used by law enforcement to unlock and extract data from locked iOS and Android devices.
How does GrayKey work?
GrayKey is a forensic device created by Grayshift, acquired by Magnet Forensics in 2023. The box connects to a seized iPhone or Android phone over Lightning, USB-C or Type-A and runs exploit chains plus passcode-brute-force logic to obtain a full file-system or partial extraction. After unlock, GrayKey produces a structured evidence package that can be parsed in Magnet AXIOM, Cellebrite or open-source tools. The product is sold strictly to vetted government and law-enforcement customers, with on-premise and Edition (offline) variants. Its existence has driven Apple's lockdown features (USB Restricted Mode, Stolen Device Protection) and ongoing privacy debate.
How do you defend against GrayKey?
Defences for GrayKey typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for GrayKey?
Common alternative names include: GrayShift GrayKey, Magnet GrayKey.
● Related terms
- forensics-ir№ 153
Cellebrite UFED
A family of mobile-forensics products from Israeli vendor Cellebrite that extract, decode and analyze data from smartphones, drones, SIMs and other devices.
- forensics-ir№ 644
Magnet AXIOM
A commercial DFIR platform from Magnet Forensics that ingests disks, mobile and cloud sources, parses artifacts and presents them in a unified review interface.
- forensics-ir№ 578
KAPE (Kroll Artifact Parser and Extractor)
A Windows triage tool from Kroll that collects forensic artifacts from live systems or images and then runs parser modules to produce ready-to-review output.
- forensics-ir№ 162
Chain of Custody
The chronological, documented trail showing every person, location, and action affecting a piece of evidence from seizure through final disposition.