Volatile memory forensics acquisition efficacy: A comparative study towards analysing firmware-based rootkits

J Taylor, B Turnbull, G Creech. Proceedings of the 13th International Conference on Availability …, 2018. dl.acm.org
Firmware-based malware is an emerging threat with few obvious mechanisms for detection. There have been multiple cases where the presence of firmware-based malware has been confirmed or strongly suspected, and current mitigation strategies have little or no recourse. Volatile memory forensics may be one of the few technologies that can be employed to detect the presence of modified firmware, through ROM shadowing. However, the majority of volatile memory forensic tools were not designed with this use case in mind and may not be suited to the capture of protected memory regions. This work performs experimental analysis to determine which, if any, memory acquisition tools are able to collect evidence pertaining to firmware-based rootkits or malware.