How can you recover a file encrypted using EFS?

you must backup file by using recovery software or data recovery wizard, Symantec Backup recovery software etc,

Note: (the back up must be in separate additional H.D) 

Exporting and deleting the private key for a data recovery agent (or any other user) is a relatively simple process. Use the following steps:

1. Log on to a workstation within your workgroup / domain as the user account for the data recovery agent.

2. Open the Microsoft Management Console Certificates snap-in. I like to do this by running Certmgr.msc. You can also follow these steps:

   1. Run MMC.exe

   2. On the File menu, click Add/Remove Snap-in.

   3. In the Add/Remove Snap-in dialog box, click the Add button.

   4. Click Certificates in the list of available snap-ins, and then click the Add button.

   5. In the Certificates snap-in dialog box, select My user account, and then click Finish.

   6. Click Close and then click OK to close the other dialog boxes.

3. In the Console Root tree, open Certificates – Current User, open Personal, and then open the Certificates folder.

4. In the list of certificates that are displayed in the right pane, select the certificate that has the user name for the data recovery agent in both the Issued Toand Issued By columns. When these two columns are the same, it almost always indicates that the certificate is a “self-signed certificate.” Verify that theIntended Purposes column reads “Encrypting File System,” 

    

    

5. Right-click the certificate that you want to export, point to All Tasks, and then click Export, as shown in Figure 1. The Certificate Export Wizard opens.

6. Read the explanatory text on the first page of the wizard, and then click Next.

7. On the next page of the wizard, under Do you want to export the private key with the certificate?, select Yes, export the private key. This is important, because the private key is what you want to back up and delete in this process. Click Next.

    

    

8. On the next page of the wizard, you must select a format to export to. If you correctly chose to export the private key for the certificate, you will be given one choice only, Personal Information Exchange. This file format is also known as a .pfx or PKCS#12 file. There are three check boxes available for selection with this format.

    

    

   The first check box is irrelevant; because the certificate you are exporting is self-signed, it contains all of its own certification path. However, you should always select the second check box, Enable strong protection, when you export to a .pfx file. You should also select the third check box, Delete the private key if the export is successful, so that after you export to the .pfx file, the private key for the data recovery agent will be deleted from the online certificate store. This does prevent decryption from being possible later by using the data recovery agent private key, but does not prevent encryption with that same certificate.

    

9. Click Next, and then type and confirm the password with which you want the .pfx file to be encrypted:

    

    

10. Click Next, and then enter a path and name with which to save the .pfx file.

11. Click Next, verify that the summary of operations matches what you chose, and then click Finish to export your EFS certificate and private key to the .pfx file.

12. Store the .pfx file securely. Maintain good records about the password that is associated with the .pfx file (ideally, in a different location from the .pfx file itself).

13. Make sure that you have an appropriate process in place for approving the release of the .pfx file and the password, for when you want to import the data recovery agent private key so that you can recover encrypted documents without using the user's private key.

With the computer shut down, connect an external hard drive to a USB port on the PC and then turn on the computer.

Press the "F8" key as soon as you see the Windows logo screen to display the Advanced Boot Options menu. Scroll to "Safe Mode with Command Prompt" and press "Enter."

Related Reading: How to Recover Encrypted Microsoft Windows Files

If you cannot boot into Windows or plan to move the encrypted files and folders to a new computer, copy the encrypted files and folders to the external hard drive using the Xcopy command. To do so, enter the following syntax at the command prompt and press "Enter": Xcopy C:\\EncryptedFolder F:\\ /s /e /j /g /v Change the "EncryptedFolder" value to the folder name containing the encrypted file. Change the "F:\\" value to the drive letter assigned to the external USB drive. Since you cannot boot into Windows, determining the drive letter of the external USB drive may require a little trial and error. However, if you know how many drives and partitions your computer uses, you can probably guess the letter of the external drive without much trouble. For example, if the computer has only one hard drive with a single partition and one optical drive, the hard drive uses the "C:" drive letter and Windows usually assigns the "D:" drive letter to the CD/DVD drive. Therefore, if you connect an external USB hard drive to the system, Windows should assign "E:" as the drive letter by default.

Wait for the computer to copy the encrypted files and folders to the external drive. Depending on the number and size of the files, the transfer may take only a few seconds or could require several minutes.

Disconnect the USB hard drive from the computer. Reinstall Windows on the computer if you plan to restore the encrypted files to the same machine. After reinstalling Windows, reconnect the external hard drive to the computer and copy the files to the internal hard drive. If you don’t plan to restore the files on the same machine, simply connect the external drive to another computer and copy the files to that PC.

Open Windows Explorer, then copy the folder with the encrypted files to the computer's local hard drive (using the example above, to C:\\EncryptedFolder).

Copy to a USB flash drive the backup copy of your EFS certificate and security key. Alternatively, copy the EFS credentials to a CD or DVD.

Insert the flash drive or optical disc in the computer, click the Start button, type "certmgr.msc" in the search box, and press "Enter." Type in an administrator username and password if prompted. After the Certificate Manager window appears, click "Personal" in the left pane.

Click "Action" on the menu, select "All Tasks," and click "Import." The Certificate Import wizard appears. Click the "Next" button, then click "Browse," and navigate to the certificate and security key file on the flash drive or disc. After selecting the file, click "Open" and then "Next."

Select the "Place All Certificates in the Following Store" option and verify that the Personal store is the active selection. Click "Next" and then "Finish" to import the certificate to the computer.

Launch Windows Explorer and open the folder with the encrypted files. After importing the certificate and security key file, you can open and access the encrypted files normally.

We can recover encrypted file by using recovery software or data recovery wizard, Hirens software etc.