tampering update

content/posts/tamper/index.md

@@ -102,7 +102,7 @@ For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you
 
 For Tails or Qubes OS, [Heads](https://osresearch.net/) can do the same before you enter your boot password (on [supported devices](https://osresearch.net/Prerequisites#supported-devices)). However, installing Heads is advanced, though using it is not. Keep the Heads USB security dongle with you when you leave the house, and have a backup hidden at a trusted friend's house in case it ever falls into a puddle. For more information, see [Tails Best Practices](/posts/tails-best/#to-mitigate-against-remote-attacks). 
 
-If Auditor or Heads ever detect tampering, you can get in touch with [Access Now’s Digital Security Helpline](https://accessnow.org/help).
+If Auditor or Heads ever detects tampering, you should immediately treat the device as untrusted. [Forensic analysis](https://www.notrace.how/threat-library/mitigations/computer-and-mobile-forensics.html) may be able to reveal how the compromise occured, which helps to prevent it from happening again. You can get in touch with a service like [Access Now’s Digital Security Helpline](https://accessnow.org/help), though we recommend not sending them any personal data.
 
 # Physical Intrusion Detection