A method and apparatus for analyzing side-channel security vulnerabilities in a digital device. A first time sequence of measurements of side-channel related phenomena of the digital device, such as power draw or electromagnetic emissions is obtained. A second time sequence of debug outputs of the digital device, such as program counter contents or other device processor or register states, is obtained. The first time sequence and the second time sequence are obtained based on a common time reference, and thus correlated in time. A controller can provide a common timing signal to measurement equipment obtaining the first time sequence and to a debug tool obtaining the second time sequence, and the common time reference can be correspond to the common timing signal.