Please note that a new security flaw has been discovered in IOS 9 and 9.0.1 which can allow an attacker to bypass the passcode of iPhone devices and allow access to contacts as well as pictures.
As this security flaw has no available patch yet I will not disclose the method used, but will post full details on the vulnerability at a later stage once a fix is available.
What I can recommend is that you disable Siri on the lock screen by navigating to:
Settings > Touch ID and Passcode (or just Passcode if you do not have touch ID) and then disabling Siri under the “ALLOW ACCESS WHEN LOCKED” section.
We will update once a fix is released.
The Tarsus SecureData team.